From nobody Thu Apr 28 07:47:13 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2E3C9199BA7A;
	Thu, 28 Apr 2022 07:47:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Kpnl60nTkz4h6X;
	Thu, 28 Apr 2022 07:47:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1651132034;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fYQxtg3Fujl4j+aVSzjQGSYrWFiuQSPbkIUjr9Cfkjw=;
	b=Fwpz79gXjlQJxf8F7JUCU1AjBoGiO30/7S85u7gcCUKNqAiU6nIr46ql0HKDcheE/XIypf
	x4zV+S2mYQUEXqqBjO799Dsk4NLodqYggluG432V1ccSI0cJHDgFQomyTUUikF/10HQwvk
	BKqmw4du2HfZRKGNCc4XnYI+xw1X0RaQC12+EvxLVRDYNCjzCZHv+3MyJ85lWCLHoiD/Jz
	RZ8WslIV2NP+3Zoo++iXlEG3Y6OQnYflmK/1sVErdIgtbYCNZ5731JIzPVVrUQFKZ4FLan
	ufiHQCIEKhxmiAh2ISAV7iwVnmqdrQP6O7wMYoByfyMsq/p9NEFM4M7j6vDvNg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF4E914B8D;
	Thu, 28 Apr 2022 07:47:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23S7lDfA046853;
	Thu, 28 Apr 2022 07:47:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23S7lDlw046852;
	Thu, 28 Apr 2022 07:47:13 GMT
	(envelope-from git)
Date: Thu, 28 Apr 2022 07:47:13 GMT
Message-Id: <202204280747.23S7lDlw046852@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Rene Ladan <rene@FreeBSD.org>
Subject: git: de6ddae04aea - main - security/vuxml: add www/chromium < 101.0.4951.41
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: de6ddae04aea36b08b8732348ec4a37822b61f1b
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1651132034;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fYQxtg3Fujl4j+aVSzjQGSYrWFiuQSPbkIUjr9Cfkjw=;
	b=TfHenKyOdRJEB1aryqSqsPVDxAy9BlAhIV/+YnmhJ9p7Sf/7vPpjgnoqxXbbnrk7I/JRt+
	AwCCN/801qsD1bcXpwyQN/DpAFHxdSLZcVwf2eAvte12+pKwKx93FZfGV9SMDqpKzubTny
	rT4w+Kz/fXMkPREL48206G9y5VtoH2EEFoCX4XtX0mdyEs98H5ygi8JR5ARv/3ykwmRdS5
	6vV/MaqwlPaVs2A0taZZ86IHOgIBxUJXJ0wygn2uwEI65Nm/WFQr3oWK+oRBTwyotTf8Qe
	TMzLztUL/PzByoIKVJ8EnSaq0s67+1GU7CFshs4bCUgX2ajrkTXIdXoznJ23mg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651132034; a=rsa-sha256; cv=none;
	b=myTObuhREBx4Tg+yy6dhu2NzHGAUQhMWDdNyV4wtnvG/dGzp9UyYbMkNadI1n0PRk41vTH
	Bl6WFvDG2rjr5e680HFa3FK6vlbSRSXdTQsC3Iv+HfsBSffiJWf1Zi/aZGYJfY5bVhHqMm
	YLrmJF3A/v3ilBRpyFQiLZ4Nnz6fyJvZa+nyxSECk84qUbAusRkVKSbbBSfGVmBW/kYOY5
	blVm491c3iTWrdAxwuYkgcis5uZIKcEqHip46nm10S8rY8KqdWRm740NPujLQoG4u8Qob7
	EncxJrzR5fjPckxrUgZZR34RKW00FmIny1egeFK+NOFunuH02HkOTFWa56OEPw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de6ddae04aea36b08b8732348ec4a37822b61f1b

commit de6ddae04aea36b08b8732348ec4a37822b61f1b
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-04-28 07:45:56 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-04-28 07:45:56 +0000

    security/vuxml: add www/chromium < 101.0.4951.41
    
    Obtained from:  https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
---
 security/vuxml/vuln-2022.xml | 77 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)

diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 00596de83245..91603057c16c 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,80 @@
+  <vuln vid="26f2123b-c6c6-11ec-b66f-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>101.0.4951.41</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html">
+	  <p>This release contains 30 security fixes, including:</p>
+	  <ul>
+	    <li>[1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06</li>
+	    <li>[1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20</li>
+	    <li>[1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10</li>
+	    <li>[1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17</li>
+	    <li>[1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04</li>
+	    <li>[1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10</li>
+	    <li>[1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08</li>
+	    <li>[1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15</li>
+	    <li>[1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22</li>
+	    <li>[1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08</li>
+	    <li>[1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09</li>
+	    <li>[1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04</li>
+	    <li>[1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25</li>
+	    <li>[1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01</li>
+	    <li>[1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12</li>
+	    <li>[1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11</li>
+	    <li>[1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01</li>
+	    <li>[1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17</li>
+	    <li>[1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28</li>
+	    <li>[1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15</li>
+	    <li>[1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29</li>
+	    <li>[1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14</li>
+	    <li>[1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04</li>
+	    <li>[1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25</li>
+	    <li>[1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-1477</cvename>
+      <cvename>CVE-2022-1478</cvename>
+      <cvename>CVE-2022-1479</cvename>
+      <cvename>CVE-2022-1480</cvename>
+      <cvename>CVE-2022-1481</cvename>
+      <cvename>CVE-2022-1482</cvename>
+      <cvename>CVE-2022-1483</cvename>
+      <cvename>CVE-2022-1484</cvename>
+      <cvename>CVE-2022-1485</cvename>
+      <cvename>CVE-2022-1486</cvename>
+      <cvename>CVE-2022-1487</cvename>
+      <cvename>CVE-2022-1488</cvename>
+      <cvename>CVE-2022-1489</cvename>
+      <cvename>CVE-2022-1490</cvename>
+      <cvename>CVE-2022-1491</cvename>
+      <cvename>CVE-2022-1492</cvename>
+      <cvename>CVE-2022-1493</cvename>
+      <cvename>CVE-2022-1494</cvename>
+      <cvename>CVE-2022-1495</cvename>
+      <cvename>CVE-2022-1496</cvename>
+      <cvename>CVE-2022-1497</cvename>
+      <cvename>CVE-2022-1498</cvename>
+      <cvename>CVE-2022-1499</cvename>
+      <cvename>CVE-2022-1500</cvename>
+      <cvename>CVE-2022-1501</cvename>
+      <url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html</url>
+    </references>
+    <dates>
+      <discovery>2022-04-26</discovery>
+      <entry>2022-04-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="cc42db1c-c65f-11ec-ad96-0800270512f4">
     <topic>redis -- Multiple vulnerabilities</topic>
     <affects>