author | Rene Ladan <rene@FreeBSD.org> | 2020-10-07 10:53:23 +0000 |
---|---|---|
committer | Rene Ladan <rene@FreeBSD.org> | 2020-10-07 10:53:23 +0000 |
commit | 4b622b19d79bd9cbd5a64fbedfbf925a05eca045 (patch) | |
tree | fcbfb94192904467513d80359980738ac35299ef | |
parent | - Update to 2.0.0 (diff) |
Document new vulnerabilities in www/chromium < 86.0.4240.75
Obtained from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Notes:
svn path=/head/; revision=551629
-rw-r--r-- | security/vuxml/vuln.xml | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4a8ef74b9116..b1b083a0d117 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,129 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="64988354-0889-11eb-a01b-e09467587c17"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>86.0.4240.75</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"> + <p>This release contains 35 security fixes, including:</p> + <ul> + <li>[1127322] Critical CVE-2020-15967: Use after free in payments. + Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11</li> + <li>[1126424] High CVE-2020-15968: Use after free in Blink. + Reported by Anonymous on 2020-09-09</li> + <li>[1124659] High CVE-2020-15969: Use after free in WebRTC. + Reported by Anonymous on 2020-09-03</li> + <li>[1108299] High CVE-2020-15970: Use after free in NFC. Reported + by Man Yue Mo of GitHub Security Lab on 2020-07-22</li> + <li>[1114062] High CVE-2020-15971: Use after free in printing. + Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on + 2020-08-07</li> + <li>[1115901] High CVE-2020-15972: Use after free in audio. + Reported by Anonymous on 2020-08-13</li> + <li>[1133671] High CVE-2020-15990: Use after free in autofill. + Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on + 2020-09-30</li> + <li>[1133688] High CVE-2020-15991: Use after free in password + manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo + 360 on 2020-09-30</li> + <li>[1106890] Medium CVE-2020-15973: Insufficient policy + enforcement in extensions. Reported by David Erceg on + 2020-07-17</li> + <li>[1104103] Medium CVE-2020-15974: Integer overflow in Blink. 
+ Reported by Juno Im (junorouse) of Theori on 2020-07-10</li> + <li>[1110800] Medium CVE-2020-15975: Integer overflow in + SwiftShader. Reported by Anonymous on 2020-07-29</li> + <li>[1123522] Medium CVE-2020-15976: Use after free in WebXR. + Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on + 2020-08-31</li> + <li>[1083278] Medium CVE-2020-6557: Inappropriate implementation + in networking. Reported by Matthias Gierlings and Marcus Brinkmann + (NDS Ruhr-University Bochum) on 2020-05-15</li> + <li>[1097724] Medium CVE-2020-15977: Insufficient data validation + in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on + 2020-06-22</li> + <li>[1116280] Medium CVE-2020-15978: Insufficient data validation + in navigation. Reported by Luan Herrera (@lbherrera_) on + 2020-08-14</li> + <li>[1127319] Medium CVE-2020-15979: Inappropriate implementation + in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on + 2020-09-11</li> + <li>[1092453] Medium CVE-2020-15980: Insufficient policy + enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and + Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08</li> + <li>[1123023] Medium CVE-2020-15981: Out of bounds read in audio. + Reported by Christoph Guttandin on 2020-08-28</li> + <li>[1039882] Medium CVE-2020-15982: Side-channel information + leakage in cache. Reported by Luan Herrera (@lbherrera_) on + 2020-01-07</li> + <li>[1076786] Medium CVE-2020-15983: Insufficient data validation + in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability + Research on 2020-04-30</li> + <li>[1080395] Medium CVE-2020-15984: Insufficient policy + enforcement in Omnibox. Reported by Rayyan Bijoora on + 2020-05-07</li> + <li>[1099276] Medium CVE-2020-15985: Inappropriate implementation + in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser + Vulnerability Research on 2020-06-25</li> + <li>[1100247] Medium CVE-2020-15986: Integer overflow in media. 
+ Reported by Mark Brand of Google Project Zero on 2020-06-29</li> + <li>[1127774] Medium CVE-2020-15987: Use after free in WebRTC. + Reported by Philipp Hancke on 2020-09-14</li> + <li>[1110195] Medium CVE-2020-15992: Insufficient policy + enforcement in networking. Reported by Alison Huffman, Microsoft + Browser Vulnerability Research on 2020-07-28</li> + <li>[1092518] Low CVE-2020-15988: Insufficient policy enforcement + in downloads. Reported by Samuel Attard on 2020-06-08</li> + <li>[1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. + Reported by Gareth Evans (Microsoft) on 2020-07-22</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2020-6557</cvename> + <cvename>CVE-2020-15967</cvename> + <cvename>CVE-2020-15968</cvename> + <cvename>CVE-2020-15969</cvename> + <cvename>CVE-2020-15970</cvename> + <cvename>CVE-2020-15971</cvename> + <cvename>CVE-2020-15972</cvename> + <cvename>CVE-2020-15973</cvename> + <cvename>CVE-2020-15974</cvename> + <cvename>CVE-2020-15975</cvename> + <cvename>CVE-2020-15976</cvename> + <cvename>CVE-2020-15977</cvename> + <cvename>CVE-2020-15978</cvename> + <cvename>CVE-2020-15979</cvename> + <cvename>CVE-2020-15980</cvename> + <cvename>CVE-2020-15981</cvename> + <cvename>CVE-2020-15982</cvename> + <cvename>CVE-2020-15983</cvename> + <cvename>CVE-2020-15984</cvename> + <cvename>CVE-2020-15985</cvename> + <cvename>CVE-2020-15986</cvename> + <cvename>CVE-2020-15987</cvename> + <cvename>CVE-2020-15988</cvename> + <cvename>CVE-2020-15989</cvename> + <cvename>CVE-2020-15990</cvename> + <cvename>CVE-2020-15991</cvename> + <cvename>CVE-2020-15992</cvename> + <url>https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2020-10-06</discovery> + <entry>2020-10-07</entry> + </dates> + </vuln> + <vuln vid="cff0b2e2-0716-11eb-9e5d-08002728f74c"> <topic>libexif -- multiple vulnerabilities</topic> <affects> |
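Review bot: The `<affects>` block names only the `chromium` package, although the comment in this hunk's leading context reminds committers "Do not forget port variants". If any other port in the tree ships the same Chromium code below 86.0.4240.75, it needs its own `<package>` element with a matching `<range>`, otherwise users of that port get no match on this entry. Also, the quoted text says the release contains 35 security fixes while the entry lists 27 items and 27 `<cvename>` references; that is consistent with the "including:" wording, but it is worth confirming against the cited blog post that no named CVE was dropped from either list.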