git: d5f8bbbb157d - main - security/vuxml: add www/*chromium < 129.0.6668.{89,100}
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Oct 2024 17:47:42 UTC
The branch main has been updated by rnagy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=d5f8bbbb157d1e21ff02b2d4b7d938c18afc241b
commit d5f8bbbb157d1e21ff02b2d4b7d938c18afc241b
Author: Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2024-10-09 17:46:50 +0000
Commit: Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2024-10-09 17:46:50 +0000
security/vuxml: add www/*chromium < 129.0.6668.{89,100}
Obtained from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html
Obtained from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html
---
security/vuxml/vuln/2024.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index bb0e58de4220..d387ffc914fd 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,75 @@
+ <vuln vid="7217f6e8-3ff4-4387-845d-d1744bb7f95e">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>129.0.6668.100</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>129.0.6668.100</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html">
+ <p>This update includes 3 security fixes:</p>
+ <ul>
+ <li>[368241697] High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-09-20</li>
+ <li>[367818758] High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-9602</cvename>
+ <cvename>CVE-2024-9603</cvename>
+ <url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html</url>
+ </references>
+ <dates>
+ <discovery>2024-10-08</discovery>
+ <entry>2024-10-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="83117378-f773-4617-bf74-477d569dcd74">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>129.0.6668.89</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>129.0.6668.89</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html">
+ <p>This update includes 4 security fixes:</p>
+ <ul>
+ <li>[367764861] High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18</li>
+ <li>[368208152] High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on 2024-09-19</li>
+ <li>[368311899] High CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte. Ltd. on 2024-09-19</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-7025</cvename>
+ <cvename>CVE-2024-9369</cvename>
+ <cvename>CVE-2024-9370</cvename>
+ <url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2024-10-01</discovery>
+ <entry>2024-10-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2368755b-83f6-11ef-8d2e-a04a5edf46d9">
<topic>Unbound -- Denial of service attack</topic>
<affects>