From nobody Tue Apr 12 10:32:47 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1AF2213A78A5; Tue, 12 Apr 2022 10:32:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Kd29W5rZcz3w0L; Tue, 12 Apr 2022 10:32:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649759567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxT8djH1010fYzyUfULBLDJ66mGpr6tt1GvSfEEjWio=; b=dDfWrLwallNFTo2AMCHBCMDjVlRwsoCQq+qqX/ZhP9kmgrdk4r2Za5uPiAqigMgqLahrkb Tu4vroW4p7x34QeDYsndTbhbxFzdn9xHjXmk7whdvF0blPaJQXL9cjnzyqd59iZNhGbpXD Zxk79KglewLyEkOceGb+1/9JET/dwYzr0Y/5+OzL9mKymRcyd4GpxhRlCYBNFEFShOrR1r 9viSUadee2y+H5ROo3OPyT4aAIOA626HlBMatFjqdEVM+lKnKCwoAhIU7MzfCeHJpEgpMu 3GlLLuklsbNiQHpHmm9YSGFw0rhmHnHpf7Q6fbm1qTEfryjP7ckIBmfXEaU32w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A97AB15ED4; Tue, 12 Apr 2022 10:32:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23CAWl22014812; Tue, 12 Apr 2022 10:32:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23CAWlk3014811; Tue, 12 Apr 2022 10:32:47 GMT (envelope-from git) Date: Tue, 12 Apr 2022 10:32:47 GMT Message-Id: <202204121032.23CAWlk3014811@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Rene Ladan Subject: git: b4cf37c358a9 - main - security/vuxml: add www/chromium < 100.0.4896.88 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rene X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b4cf37c358a90db880d0330cf9ff514cfd4452ed Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649759567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxT8djH1010fYzyUfULBLDJ66mGpr6tt1GvSfEEjWio=; b=UeVcdw/UINJLmppIGvwb5US2YhxG/2MJhdGyfTPYk78nRT+E31p5hm+ETsJhJDR2ZrmmOt +YGDgATv8g3oTeVs6rA3m0yWq8R91JQ5Lh7fhr451CM3zBq1uTDgAN3ZTPUpz3aBkhzBSN P00+LYKm/BVYttuJu1k29iNd2Y3yq7mhKa4X6RBAQWQuB+lCUe5C5iVmhU6TX/2tJw3T/z LB10l50kpHmJ86v1oUCTw3ZMkEs/nIldnyoe83sQ4OOQhRIAAgcpTDZOwJkqOy54s+817A Ozqohnr/7oqJ+WExqnVtnMPIPIIUjuw7PuwyFj4xuPxHKEVa+GDNsuehhIV+ow== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649759567; a=rsa-sha256; cv=none; b=Icp4sUlIKgaRKInJMYcTyxITxgoAR0u/uG7EBBUHxEHp4afhAFz2YEtN3QN6dq2PFbvb2P BFPdoh3hd+WcStIYA9RdoPscXWkJnSdtacAwe1INYeFbtlAYY1X9RmGOMxmlFokrv/Yt0k PtiTQzDZwWjzauTRS9K9j5pjAqF0Rg6dVQJyZvswPEUT3InklEfYHfPkPkK6f1injtO7iu 2qj+QoGvYIEtseDwxCknDNHiZQrjJqukTyFwRZdmDA/19SBpc13W+WaZXypxrAxiM4MqIq YoPBfcRD8DVjFCpLgRiAQL400wFoCBwbjoof9MRe5JZbPuMVQtHpVim98vUt1w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=b4cf37c358a90db880d0330cf9ff514cfd4452ed commit b4cf37c358a90db880d0330cf9ff514cfd4452ed Author: Rene Ladan AuthorDate: 2022-04-12 10:31:23 +0000 Commit: Rene Ladan CommitDate: 2022-04-12 10:32:39 +0000 security/vuxml: add www/chromium < 100.0.4896.88 Obtained from: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html --- security/vuxml/vuln-2022.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 99da43780638..4017ed890967 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,50 @@ + + Chromium -- mulitple vulnerabilities + + + chromium + 100.0.4896.88 + + + + +

Chrome Releases reports:

+
+

This release contains 11 security fixes, including:

+
    +
  • [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
  • +
  • [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
  • +
  • [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
  • +
  • [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28
  • +
  • [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
  • +
  • [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
  • +
  • [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
  • +
  • [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
  • +
  • [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
  • +
  • [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09
  • +
+
+ +
+ + CVE-2022-1305 + CVE-2022-1306 + CVE-2022-1307 + CVE-2022-1308 + CVE-2022-1309 + CVE-2022-1310 + CVE-2022-1311 + CVE-2022-1312 + CVE-2022-1313 + CVE-2022-1314 + https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html + + + 2022-04-11 + 2022-04-12 + +
+ Django -- multiple vulnerabilities