summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorRene Ladan <rene@FreeBSD.org>2016-04-19 20:14:53 +0000
committerRene Ladan <rene@FreeBSD.org>2016-04-19 20:14:53 +0000
commit1c53ed88f9c3dc382797aa0685cd3285433d944d (patch)
tree297e01aa1c915548a99cb1a4b30aef745f7c8b32 /security
parent- Update to 3.10.1 (diff)
Doument new vulnerabilities in www/chromium < 50.0.2661.75
Obtained from: http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
Notes
Notes: svn path=/head/; revision=413661
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml58
1 files changed, 58 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d9028c74145d..2caeeec73dec 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,64 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6d8505f0-0614-11e6-b39c-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>50.0.2661.75</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html">
+ <p>20 security fixes in this release, including:</p>
+ <ul>
+ <li>[590275] High CVE-2016-1652: Universal XSS in extension
+ bindings. Credit to anonymous.</li>
+ <li>[589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit
+ to Choongwoo Han.</li>
+ <li>[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium
+ JPEG2000 decoding. Credit to kdot working with HP's Zero Day
+ Initiative.</li>
+ <li>[589512] Medium CVE-2016-1654: Uninitialized memory read in
+ media. Credit to Atte Kettunen of OUSPG.</li>
+ <li>[582008] Medium CVE-2016-1655: Use-after-free related to
+ extensions. Credit to Rob Wu.</li>
+ <li>[570750] Medium CVE-2016-1656: Android downloaded file path
+ restriction bypass. Credit to Dzmitry Lukyanenko.</li>
+ <li>[567445] Medium CVE-2016-1657: Address bar spoofing. Credit to
+ Luan Herrera.</li>
+ <li>[573317] Low CVE-2016-1658: Potential leak of sensitive
+ information to malicious extensions. Credit to Antonio Sanso
+ (@asanso) of Adobe.</li>
+ <li>[602697] CVE-2016-1659: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1651</cvename>
+ <cvename>CVE-2016-1652</cvename>
+ <cvename>CVE-2016-1653</cvename>
+ <cvename>CVE-2016-1654</cvename>
+ <cvename>CVE-2016-1655</cvename>
+ <cvename>CVE-2016-1656</cvename>
+ <cvename>CVE-2016-1657</cvename>
+ <cvename>CVE-2016-1658</cvename>
+ <cvename>CVE-2016-1659</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html</url>
+ </references>
+ <dates>
+ <discovery>2016-04-13</discovery>
+ <entry>2016-04-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="976567f6-05c5-11e6-94fa-002590263bf5">
<topic>wpa_supplicant -- multiple vulnerabilities</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 16:53:34 +0000