svn commit: r453053 - head/security/vuxml
Carlos J. Puga Medina
cpm at FreeBSD.org
Sat Oct 28 09:59:33 UTC 2017
Author: cpm
Date: Sat Oct 28 09:59:31 2017
New Revision: 453053
URL: https://svnweb.freebsd.org/changeset/ports/453053
Log:
Document new vulnerability in www/chromium < 62.0.3202.75
Obtained from: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
Security: CVE-2017-15396
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Oct 28 09:13:21 2017 (r453052)
+++ head/security/vuxml/vuln.xml Sat Oct 28 09:59:31 2017 (r453053)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3cd46257-bbc5-11e7-a3bc-e8e0b747a45a">
+ <topic>chromium -- Stack overflow in V8</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>62.0.3202.75</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html">
+ <p>1 security fix in this release, including:</p>
+ <ul>
+ <li>[770452] High CVE-2017-15396: Stack overflow in V8. Reported by
+ Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-15396</cvename>
+ <url>https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html</url>
+ </references>
+ <dates>
+ <discovery>2017-10-26</discovery>
+ <entry>2017-10-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d77ceb8c-bb13-11e7-8357-3065ec6f3643">
<topic>wget -- Heap overflow in HTTP protocol handling</topic>
<affects>
More information about the svn-ports-head
mailing list