From nobody Thu Feb 23 06:17:35 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PMjVl5Tthz3t3nD; Thu, 23 Feb 2023 06:17:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PMjVl4zFpz3DZ4; Thu, 23 Feb 2023 06:17:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677133055; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wL/Lh7HBwDGfljlmC38in7xtqRlRexjkcE9a1YKsuxI=; b=tWCeE+FUGEBXfL1vcD7P0vitLHyUhm8+5mD3yD0YNSCf9wtFtMESu+p8a8gQjJgI8jWb9Z XXLtepEYHz+uss36X/iT3ueCZn3jI9oDgxorvYofQXihqBcPW5ynmgtJqh0W5SaEDwQENX fXreoPSz+MHjaVqQjf2756L3z+kB/BCgJDcpYGcm61yViuHgbTZvqaJNYaIVyopFQBwqUq A0yaXqqYU2iSErnh09Ku+hbCu+AByTXSSYXQW/i+vCh8j7hAhSs/8uH8s4q6/fpO8VJJJH W2ASZps1W7CebKvbBSB0aMS1wepJgEbB3v8wo4UtBTfl97FgQKQ1i5b8UhEp6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677133055; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wL/Lh7HBwDGfljlmC38in7xtqRlRexjkcE9a1YKsuxI=; b=XDcsZN7zHoPs89BPjhFde7s1rNpDpoNtEdfOENXKgvD5JFe300maYFZMsgFl/usREPKUsI tNL4k4WyoZENAaA9ElDmAFmkzD5oeblrW+UMRZFR+kalmbR879VprS1YsCT0F7n32bf6eI dc31ooVykI6gS0nZqqqL8c5iZuLd3WrgzmY9pZVh/IHuZV/ZD1l87Ro+CqbQTAFXkUc9xJ eCR3w3lWfPAJIYjgnvAuHaHuOIu/cUFuQJDh8HGsoCrXXD/VnnbRBSTNgVgFdRcz1OazZw 2xVJSYnDQrmEzg4pXSKWS1Ocwu/Qf2nWXL1eriNZU1eNASvDKBVmQqT75VpBgQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677133055; a=rsa-sha256; cv=none; b=G7qFBD5hs40iWXxWNhJfkXeIghNnSLn3HGTLa62zaD5McTBPQuXB8ZphwZlziK+I7JgSaH 602pZ77WzbREXWlrErsbname9tjtCfi0vUfGz/tRjfqn+uXGmwIkGnq16v/h1wymzrapM2 w/qRdSkcrPjm0NFZyEK2aWrS1TEOHQZnjqGvdkQbaBqZfoCZrXZq7fytB9VeUzxl1UZ+x9 bBnNC+oc874/r8F7zIDMP6+xUX4EYfUWgx70O5O+NlWnbdM5vL0ivvTL0ZPnAtfAHBEox+ ZTFpTriH8+U9ioL3ZkN4qpXNUB5o17VdNddt1ckIEdnNmOQ1BxFoxrAS3xZVAA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PMjVl40BDzX3T; Thu, 23 Feb 2023 06:17:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31N6HZKQ072900; Thu, 23 Feb 2023 06:17:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31N6HZQe072899; Thu, 23 Feb 2023 06:17:35 GMT (envelope-from git) Date: Thu, 23 Feb 2023 06:17:35 GMT Message-Id: <202302230617.31N6HZQe072899@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Robert Nagy Subject: git: e132bf708a11 - main - security/vuxml: add www/*chromium < 110.0.5481.177 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rnagy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e132bf708a112e487bc690b6d221d1e6a14a530b Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rnagy: URL: https://cgit.FreeBSD.org/ports/commit/?id=e132bf708a112e487bc690b6d221d1e6a14a530b commit e132bf708a112e487bc690b6d221d1e6a14a530b Author: Robert Nagy AuthorDate: 2023-02-22 19:41:46 +0000 Commit: Robert Nagy CommitDate: 2023-02-23 06:17:11 +0000 security/vuxml: add www/*chromium < 110.0.5481.177 Approved by: rene (mentor) Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html --- security/vuxml/vuln/2023.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 84b6afb7bb69..2ba2c6e0ac95 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,50 @@ + + chromium -- multiple vulnerabilities + + + chromium + 110.0.5481.177 + + + ungoogled-chromium + 110.0.5481.177 + + + + +

Chrome Releases reports:

+
+

This update includes 10 security fixes:

+
    +
  • [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13
  • +
  • [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10
  • +
  • [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22
  • +
  • [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
  • +
  • [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
  • +
  • [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17
  • +
  • [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05
  • +
  • [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN
  • +
+
+ +
+ + CVE-2023-0941 + CVE-2023-0927 + CVE-2023-0928 + CVE-2023-0929 + CVE-2023-0930 + CVE-2023-0931 + CVE-2023-0932 + CVE-2023-0933 + https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html + + + 2023-02-22 + 2023-02-22 + +
+ zeek -- potential DoS vulnerabilities