git: 35087f7559e4 - main - security/vuxml: add www/*chromium < 113.0.5672.63
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 03 May 2023 06:15:55 UTC
The branch main has been updated by rnagy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=35087f7559e4820b10f7868d7075f7622a60f189
commit 35087f7559e4820b10f7868d7075f7622a60f189
Author: Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2023-05-03 06:15:00 +0000
Commit: Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2023-05-03 06:15:46 +0000
security/vuxml: add www/*chromium < 113.0.5672.63
Approved by: rene (mentor, implicit)
Obtained from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
---
security/vuxml/vuln/2023.xml | 51 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index f99f293f1b97..78f26d799dd3 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,54 @@
+ <vuln vid="246174d3-e979-11ed-8290-a8a1599412c6">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>113.0.5672.63</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>113.0.5672.63</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html">
+ <p>This update includes 15 security fixes:</p>
+ <ul>
+ <li>[1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10</li>
+ <li>[1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27</li>
+ <li>[1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06</li>
+ <li>[1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17</li>
+ <li>[1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10</li>
+ <li>[1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23</li>
+ <li>[1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10</li>
+ <li>[1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17</li>
+ <li>[1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07</li>
+ <li>[1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-2459</cvename>
+ <cvename>CVE-2023-2460</cvename>
+ <cvename>CVE-2023-2461</cvename>
+ <cvename>CVE-2023-2462</cvename>
+ <cvename>CVE-2023-2463</cvename>
+ <cvename>CVE-2023-2464</cvename>
+ <cvename>CVE-2023-2465</cvename>
+ <cvename>CVE-2023-2466</cvename>
+ <cvename>CVE-2023-2467</cvename>
+ <cvename>CVE-2023-2468</cvename>
+ <url>https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2023-05-03</discovery>
+ <entry>2023-05-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4ffcccae-e924-11ed-9c88-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>