From nobody Wed Jan 05 13:15:22 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 79E081926601;
	Wed,  5 Jan 2022 13:15:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JTVMv1g8Pz3h7n;
	Wed,  5 Jan 2022 13:15:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 18D254E7C;
	Wed,  5 Jan 2022 13:15:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 205DFNcQ062643;
	Wed, 5 Jan 2022 13:15:23 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 205DFM4r062642;
	Wed, 5 Jan 2022 13:15:22 GMT
	(envelope-from git)
Date: Wed, 5 Jan 2022 13:15:22 GMT
Message-Id: <202201051315.205DFM4r062642@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Rene Ladan <rene@FreeBSD.org>
Subject: git: 355c650718a5 - main - security/vuxml: document www/chromium < 97.0.4692.71
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 355c650718a5af17bd7d977253c1e6186e495f07
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1641388523;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=iFQe+F3NzASwCVLsVb4BUIi/r0425ZRu7l7VklsWed8=;
	b=TSkutSDFblH9AYp79ziapvqoaDeeVvUYfa6AII3/8EZWyVKaU26w2ita5MnAAW1Ne+XduN
	m1XK82+LpGCckHHKVEAuO4AYJq7vryGNZ5Kpe4TPD8Fl29zLOuIc6sEXX8nnMkTyLs3jFh
	uabOjwHdXCH1lnzLFmsVcMzpeVtBJ5zF10wruD+6ytl7Vj1jN6zA3Z/LuFEd0RS/PPFEk9
	5xuuNg+hpGJof/brXeBnilhEacO092lYXTZqYK66w4BmNwCZEa5HnclWJxAd3JgUXkOPmM
	6962eXQXElKUdoKTLfdpDT78/X5DdD2FCqYPPTxCDME+xIkmFDg8BNg9OCzGDg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1641388523; a=rsa-sha256; cv=none;
	b=ab3yzaZkHjUwKfpMaS/4BjE1QKgqr5vI0pK8VTdUBVN/nrGKrtMtmUR5ynj6VQ/iOCOTwl
	cF7z7Vg7YH1SowiRMluQjRocPDCo+Z1DQTuLYoi+0NKGmyv12ruy+JRSp+CA2+jpnFBJCi
	Nmpaexvj8BTyF1Tiapk2RpAsqHf1Xxs2//xWeHNnlO1P5BIbWlvxaxAEBWDNCL7aFnorou
	8GsEtQd2DEzB8EDGqD2s7qRRyo8n5RM41CI25t+Vcv789C01m0/0QOEbjy0dnuCIVZ1CWR
	HYxA+ysaDXn21pUlY8401tlSLpwJoeZlRKW1T4ZZsvCYHRCHWISraNGjgYGzaw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=355c650718a5af17bd7d977253c1e6186e495f07

commit 355c650718a5af17bd7d977253c1e6186e495f07
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-01-05 13:11:32 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-01-05 13:14:51 +0000

    security/vuxml: document www/chromium < 97.0.4692.71
    
    While here add definitions for 2022, as this is the first vuxml commit
    of the year.  This cannot be done in its own commit because `make
      validate` complains in that case (even with a 0-byte vuln-2022.xml).
    
    Obtained from:  https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
---
 security/vuxml/files/tidy.xsl |   1 +
 security/vuxml/vuln-2022.xml  | 104 ++++++++++++++++++++++++++++++++++++++++++
 security/vuxml/vuln.xml       |   4 +-
 3 files changed, 108 insertions(+), 1 deletion(-)

diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl
index 8bf948a94b6e..e48c36c691c2 100644
--- a/security/vuxml/files/tidy.xsl
+++ b/security/vuxml/files/tidy.xsl
@@ -44,6 +44,7 @@ result in more namespace declarations than we wish.
 <!ENTITY vuln-2019 SYSTEM "vuln-2019.xml">
 <!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
 <!ENTITY vuln-2021 SYSTEM "vuln-2021.xml">
+<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml">
 ]>
 ]]></xsl:text>
   <xsl:apply-templates />
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
new file mode 100644
index 000000000000..d2a5f1dfed62
--- /dev/null
+++ b/security/vuxml/vuln-2022.xml
@@ -0,0 +1,104 @@
+  <vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>97.0.4692.71</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">
+	  <p>This release contains 37 security fixes, including:</p>
+	  <ul>
+	    <li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in
+	      Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
+	      2021-11-30</li>
+	    <li>[1117173] High CVE-2022-0097: Inappropriate implementation in
+	      DevTools. Reported by David Erceg on 2020-08-17</li>
+	    <li>[1273609] High CVE-2022-0098: Use after free in Screen Capture.
+	      Reported by @ginggilBesel on 2021-11-24</li>
+	    <li>[1245629] High CVE-2022-0099: Use after free in Sign-in.
+	      Reported by Rox on 2021-09-01</li>
+	    <li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media
+	      streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
+	      Mobile Telecommunications Corp. Ltd. on 2021-08-10</li>
+	    <li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
+	      Reported by raven (@raid_akame) on 2021-09-14</li>
+	    <li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
+	      Brendon Tiszka on 2021-10-14</li>
+	    <li>[1272266] High CVE-2022-0103: Use after free in SwiftShader.
+	      Reported by Abraruddin Khan and Omair on 2021-11-21</li>
+	    <li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
+	      Reported by Abraruddin Khan and Omair on 2021-11-25</li>
+	    <li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
+	      Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
+	      Corp. Ltd. on 2021-11-28</li>
+	    <li>[1278960] High CVE-2022-0106: Use after free in Autofill.
+	      Reported by Khalil Zhani on 2021-12-10</li>
+	    <li>[1248438] Medium CVE-2022-0107: Use after free in File Manager
+	      API. Reported by raven (@raid_akame) on 2021-09-10</li>
+	    <li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in
+	      Navigation. Reported by Luan Herrera (@lbherrera_) on
+	      2021-09-10</li>
+	    <li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in
+	      Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
+	      Seoul National University on 2021-10-20</li>
+	    <li>[1237310] Medium CVE-2022-0110: Incorrect security UI in
+	      Autofill. Reported by Alesandro Ortiz on 2021-08-06</li>
+	    <li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in
+	      Navigation. Reported by garygreen on 2021-08-18</li>
+	    <li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
+	      UI. Reported by Thomas Orlita on 2021-10-04</li>
+	    <li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in
+	      Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li>
+	    <li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in
+	      Web Serial. Reported by Looben Yang on 2021-11-06</li>
+	    <li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
+	      Reported by Mark Brand of Google Project Zero on 2021-11-10</li>
+	    <li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in
+	      Compositing. Reported by Irvan Kurniawan (sourc7) on
+	      2021-11-20</li>
+	    <li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
+	      Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li>
+	    <li>[1238631] Low CVE-2022-0118: Inappropriate implementation in
+	      WebShare. Reported by Alesandro Ortiz on 2021-08-11</li>
+	    <li>[1262953] Low CVE-2022-0120: Inappropriate implementation in
+	      Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-0096</cvename>
+      <cvename>CVE-2022-0097</cvename>
+      <cvename>CVE-2022-0098</cvename>
+      <cvename>CVE-2022-0099</cvename>
+      <cvename>CVE-2022-0100</cvename>
+      <cvename>CVE-2022-0101</cvename>
+      <cvename>CVE-2022-0102</cvename>
+      <cvename>CVE-2022-0103</cvename>
+      <cvename>CVE-2022-0104</cvename>
+      <cvename>CVE-2022-0105</cvename>
+      <cvename>CVE-2022-0106</cvename>
+      <cvename>CVE-2022-0107</cvename>
+      <cvename>CVE-2022-0108</cvename>
+      <cvename>CVE-2022-0109</cvename>
+      <cvename>CVE-2022-0110</cvename>
+      <cvename>CVE-2022-0111</cvename>
+      <cvename>CVE-2022-0112</cvename>
+      <cvename>CVE-2022-0113</cvename>
+      <cvename>CVE-2022-0114</cvename>
+      <cvename>CVE-2022-0115</cvename>
+      <cvename>CVE-2022-0116</cvename>
+      <cvename>CVE-2022-0117</cvename>
+      <cvename>CVE-2022-0118</cvename>
+      <cvename>CVE-2022-0120</cvename>
+      <url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>
+    </references>
+    <dates>
+      <discovery>2022-01-04</discovery>
+      <entry>2022-01-05</entry>
+    </dates>
+  </vuln>
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 25512c70513c..845b3df9e509 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -19,9 +19,10 @@
 <!ENTITY vuln-2019 SYSTEM "vuln-2019.xml">
 <!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
 <!ENTITY vuln-2021 SYSTEM "vuln-2021.xml">
+<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml">
 ]>
 <!--
-Copyright 2003-2021 Jacques Vidrine and contributors
+Copyright 2003-2022 Jacques Vidrine and contributors
 
 Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
 HTML, PDF, PostScript, RTF and so forth) with or without modification,
@@ -77,6 +78,7 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+&vuln-2022;
 &vuln-2021;
 &vuln-2020;
 &vuln-2019;