Date: Wed, 22 May 2024 13:06:38 GMT
Message-Id: <202405221306.44MD6cfA065660@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Robert Nagy
Subject: git: 7cf9cbe6d5cb - main - security/vuxml: add www/*chromium < 125.0.6422.76
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rnagy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7cf9cbe6d5cb1bc0c75b46771a1f87c42611a6cd
Auto-Submitted: auto-generated

The branch main has been updated by rnagy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7cf9cbe6d5cb1bc0c75b46771a1f87c42611a6cd

commit 7cf9cbe6d5cb1bc0c75b46771a1f87c42611a6cd
Author:     Robert Nagy
AuthorDate: 2024-05-22 13:05:56 +0000
Commit:     Robert Nagy
CommitDate: 2024-05-22 13:06:32 +0000

    security/vuxml: add www/*chromium < 125.0.6422.76

    Obtained from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html

--- security/vuxml/vuln/2024.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 45edda3e3fc6..dd236ede4438 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,50 @@ + + chromium -- multiple security fixes + + + chromium + 125.0.6422.76 + + + ungoogled-chromium + 125.0.6422.76 + + + + +

Chrome Releases reports:

+
+

This update includes 15 security fixes:

+
    +
  • [336012573] High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21
  • +
  • [338908243] High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-06
  • +
  • [335613092] High CVE-2024-5159: Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop) on 2024-04-18
  • +
  • [338161969] High CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz on 2024-05-01
  • +
  • [340221135] High CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13
  • +
  • [333414294] High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09
  • +
  • [326607001] Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24
  • +
  • [40065403] Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06
  • +
+
+ +
+ + CVE-2024-5157 + CVE-2024-5158 + CVE-2024-5159 + CVE-2024-5160 + CVE-2024-4947 + CVE-2024-4948 + CVE-2024-4949 + CVE-2024-4950 + https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html + + + 2024-05-21 + 2024-05-22 + +
+ Openfire administration console authentication bypass
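Review bot: the description block says "This update includes 15 security fixes", but the list under it has eight items, and the references block names the same eight CVEs (CVE-2024-5157 through CVE-2024-5160 and CVE-2024-4947 through CVE-2024-4950). Anyone auditing against this entry will see the mismatch, so either correct the count or add a short remark in the description that only the fixes with published CVE details are listed. The entry cites a single URL (the stable-channel-update-for-desktop_21 post), so it is also worth confirming that all eight CVEs are covered by that post and adding a second reference if some of them come from a different release note.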