diff options
| author | Rene Ladan <rene@FreeBSD.org> | 2021-10-29 21:33:00 +0200 |
|---|---|---|
| committer | Rene Ladan <rene@FreeBSD.org> | 2021-10-29 21:33:45 +0200 |
| commit | e3b412ec750d72264a29310c4bc7ea162d70ccba (patch) | |
| tree | 575dafd07dc3d0ee0c4c88c702ef47e4f0aa0b35 | |
| parent | misc/freebsd-doc-*: Update to 63971d4 revision from the FreeBSD docset (diff) | |
security/vuxml: add www/chromium < 95.0.4638.69
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
| -rw-r--r-- | security/vuxml/vuln-2021.xml | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index ced576293f91..59cf97125ed7 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,58 @@ + <vuln vid="976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>95.0.4638.69</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"> + <p>This release contains 8 security fixes, including:</p> + <ul> + <li>[1259864] High CVE-2021-37997 : Use after free in Sign-In. + Reported by Wei Yuan of MoyunSec VLab on 2021-10-14</li> + <li>[1259587] High CVE-2021-37998 : Use after free in Garbage + Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO + Mobile Telecommunications Corp. Ltd. on 2021-10-13</li> + <li>[1251541] High CVE-2021-37999 : Insufficient data validation in + New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21</li> + <li>[1249962] High CVE-2021-38000 : Insufficient validation of + untrusted input in Intents. Reported by Clement Lecigne, Neel + Mehta, and Maddie Stone of Google Threat Analysis Group on + 2021-09-15</li> + <li>[1260577] High CVE-2021-38001 : Type Confusion in V8. Reported + by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16</li> + <li>[1260940] High CVE-2021-38002 : Use after free in Web Transport. + Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on + 2021-10-16</li> + <li>[1263462] High CVE-2021-38003 : Inappropriate implementation in + V8. Reported by Clément Lecigne from Google TAG and Samuel Gross + from Google Project Zero on 2021-10-26</li> + </ul> + <p>Google is aware that exploits for CVE-2021-38000 and + CVE-2021-38003 exist in the wild.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-37997</cvename> + <cvename>CVE-2021-37998</cvename> + <cvename>CVE-2021-37999</cvename> + <cvename>CVE-2021-38000</cvename> + <cvename>CVE-2021-38001</cvename> + <cvename>CVE-2021-38002</cvename> + <cvename>CVE-2021-38003</cvename> + <url>https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html</url> + </references> + <dates> + <discovery>2021-10-28</discovery> + <entry>2021-10-29</entry> + </dates> + </vuln> + <vuln vid="c848059a-318b-11ec-aa15-0800270512f4"> <topic>fail2ban -- possible RCE vulnerability in mailing action using mailutils</topic> <affects> |