git: 40c70d31cf0e - main - security/vuxml: add www/*chromium < 109.0.5414.74
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 10 Jan 2023 19:50:56 UTC
The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=40c70d31cf0e8393604bc6a20bff9ee8df5157bc commit 40c70d31cf0e8393604bc6a20bff9ee8df5157bc Author: Rene Ladan <rene@FreeBSD.org> AuthorDate: 2023-01-10 19:46:56 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2023-01-10 19:46:56 +0000 security/vuxml: add www/*chromium < 109.0.5414.74 Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html --- security/vuxml/vuln/2023.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index a435871a86b5..35895839ff4c 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,62 @@ + <vuln vid="7b929503-911d-11ed-a925-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>109.0.5414.74</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>109.0.5414.74</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html"> + <p>This release contains 17 security fixes, including:</p> + <ul> + <li>[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16</li> + <li>[1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07</li> + <li>[1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30</li> + <li>[1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28</li> + <li>[1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05</li> + <li>[1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17</li> + <li>[1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17</li> + <li>[1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18</li> + <li>[1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26</li> + <li>[1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10</li> + <li>[1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23</li> + <li>[1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24</li> + <li>[1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18</li> + <li>[1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-0128</cvename> + <cvename>CVE-2023-0129</cvename> + <cvename>CVE-2023-0130</cvename> + <cvename>CVE-2023-0131</cvename> + <cvename>CVE-2023-0132</cvename> + <cvename>CVE-2023-0133</cvename> + <cvename>CVE-2023-0134</cvename> + <cvename>CVE-2023-0135</cvename> + <cvename>CVE-2023-0136</cvename> + <cvename>CVE-2023-0137</cvename> + <cvename>CVE-2023-0138</cvename> + <cvename>CVE-2023-0139</cvename> + <cvename>CVE-2023-0140</cvename> + <cvename>CVE-2023-0141</cvename> + <url>https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2023-01-10</discovery> + <entry>2023-01-10</entry> + </dates> + </vuln> + <vuln vid="59c284f4-8d2e-11ed-9ce0-b42e991fc52e"> <topic>net-mgmt/cacti is vulnerable to remote command injection</topic> <affects>