svn commit: r552856 - head/security/vuxml

Rene Ladan rene at FreeBSD.org
Wed Oct 21 08:22:20 UTC 2020 

Author: rene
Date: Wed Oct 21 08:22:19 2020
New Revision: 552856
URL: https://svnweb.freebsd.org/changeset/ports/552856

Log:
  Document new vulnerabilities in www/chromium < 86.0.4240.111
  
  Obtained from:	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Oct 21 08:02:43 2020	(r552855)
+++ head/security/vuxml/vuln.xml	Wed Oct 21 08:22:19 2020	(r552856)
@@ -58,6 +58,50 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f4722927-1375-11eb-8711-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>86.0.4240.111</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html">
+	  <p>This release includes 5 security fixes:</p>
+	  <ul>
+	    <li>[1125337] High CVE-2020-16000: Inappropriate implementation in
+	    Blink. Reported by amaebi_jp on 2020-09-06</li>
+	    <li>[1135018] High CVE-2020-16001: Use after free in media.
+	    Reported by Khalil Zhani on 2020-10-05</li>
+	    <li>[1137630] High CVE-2020-16002: Use after free in PDFium.
+	    Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
+	    at Qi'anxin Group on 2020-10-13</li>
+	    <li>[1139963] High CVE-2020-15999: Heap buffer overflow in
+	    Freetype. Reported by Sergei Glazunov of Google Project Zero on
+	    2020-10-19</li>
+	    <li>[1134960] Medium CVE-2020-16003: Use after free in printing.
+	    Reported by Khalil Zhani on 2020-10-04</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2020-15999</cvename>
+      <cvename>CVE-2020-16000</cvename>
+      <cvename>CVE-2020-16001</cvename>
+      <cvename>CVE-2020-16002</cvename>
+      <cvename>CVE-2020-16003</cvename>
+      <url>https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html</url>
+    </references>
+    <dates>
+      <discovery>2020-10-20</discovery>
+      <entry>2020-10-21</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a6860b11-0dee-11eb-94ff-6805ca2fa271">
     <topic>powerdns-recursor -- cache pollution</topic>
     <affects>

More information about the svn-ports-all mailing list