git: e4c82f68dd9b - main - security/vuxml: add www/*chromium < 110.0.5481.77
Date: Fri, 10 Feb 2023 20:49:52 UTC
The branch main has been updated by rnagy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e4c82f68dd9be9862a0eefa99eb67cac399e6b60

commit e4c82f68dd9be9862a0eefa99eb67cac399e6b60
Author:     Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2023-02-10 14:48:13 +0000
Commit:     Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2023-02-10 20:49:46 +0000

    security/vuxml: add www/*chromium < 110.0.5481.77

    Approved by:    rene (mentor)
    Obtained from:  https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
---
 security/vuxml/vuln/2023.xml | 53 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 8982029b8346..2ac8c475290c 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,54 @@ + <vuln vid="310ca30e-a951-11ed-8314-a8a1599412c6"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>110.0.5481.77</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>110.0.5481.77</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html"> + <p>This release contains 15 security fixes, including:</p> + <ul> + <li>[1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18</li> + <li>[1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03</li> + <li>[1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25</li> + <li>[1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06</li> + <li>[1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26</li> + <li>[1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05</li> + <li>[1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14</li> + <li>[1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07</li> + <li>[1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18</li> + <li>[1238642] Low CVE-2023-0705: Integer overflow in Core. 
Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-0696</cvename> + <cvename>CVE-2023-0697</cvename> + <cvename>CVE-2023-0698</cvename> + <cvename>CVE-2023-0699</cvename> + <cvename>CVE-2023-0700</cvename> + <cvename>CVE-2023-0701</cvename> + <cvename>CVE-2023-0702</cvename> + <cvename>CVE-2023-0703</cvename> + <cvename>CVE-2023-0704</cvename> + <cvename>CVE-2023-0705</cvename> + <url>https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2023-02-07</discovery> + <entry>2023-02-10</entry> + </dates> + </vuln> + <vuln vid="7a8b6170-a889-11ed-bbae-6cc21735f730"> <topic>PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.</topic> <affects> @@ -37,7 +88,7 @@ presence of notable, confidential information in disclosed bytes. </p> - </blockquote> + </blockquote> </body> </description> <references>
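Review bot: in the <affects> block of the new chromium entry (first hunk), the two <package> elements carry the same range, <lt>110.0.5481.77</lt>; folding them into a single <package> with two <name> children (chromium and ungoogled-chromium) states the version bound once, so the two cannot drift apart on a later edit. Separately, the quoted text says the release contains 15 security fixes while the list and the <cvename> references cover 10 (CVE-2023-0696 through CVE-2023-0705). That is consistent with a list introduced by "including:", but it is worth checking against the cited Chrome Releases post that no CVE-assigned fix was left out.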
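Review bot: the second hunk (@@ -37,7 +88,7 @@) replaces the </blockquote> line in the PostgreSQL entry with a line that reads the same here, so it appears to be a whitespace-only change, and it is unrelated to the chromium addition named in the commit subject. Either drop it from this commit or land it as a separate whitespace cleanup, so that the 1 deletion in the diffstat is accounted for in the log.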