From a93ed911d0b3816831caa00673f13d2493e7b572 Mon Sep 17 00:00:00 2001 From: cpm Date: Fri, 16 Jun 2017 10:52:28 +0000 Subject: Document new vulnerabilities in www/chromium < 59.0.3071.104 Obtained from: https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6cc6b7c38e97..1c6b84357444 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + chromium -- multiple vulnerabilities + + + chromium + chromium-pulse + 59.0.3071.104 + + + + +

Google Chrome releaseses reports:

+
5 security fixes in this release, including:
+
+
[725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by + Ned Williamson on 2017-05-22
+
[729991] High CVE-2017-5088: Out of bounds read in V8. Reported by + Xiling Gong of Tencent Security Platform Department on 2017-06-06
+
[714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by + Michal Bentkowski on 2017-04-21
+
[732498] Various fixes from internal audits, fuzzing and other initiatives
+
+

+ + + + CVE-2017-5087 + CVE-2017-5088 + CVE-2017-5089 + https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html + + + 2017-06-15 + 2017-06-16 + + + cURL -- URL file scheme drive letter buffer overflow -- cgit