FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369793
Date:      2014-10-02
Time:      01:06:43Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3b80104f-e96c-11e2-8bac-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.

[252216] Low CVE-2013-2867: Block pop-unders in various scenarios.

[252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.

[252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.

[245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.

[244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.

[244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.

[243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.

[Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.

[241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.

[233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.

[229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.

[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.

[196636] None: Remove the "viewsource" attribute on iframes. Credit to Collin Jackson.

[177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.


Discovery 2013-07-09
Entry 2013-07-10
chromium
lt 28.0.1500.71

CVE-2013-2853
CVE-2013-2867
CVE-2013-2868
CVE-2013-2869
CVE-2013-2870
CVE-2013-2871
CVE-2013-2872
CVE-2013-2873
CVE-2013-2875
CVE-2013-2876
CVE-2013-2877
CVE-2013-2878
CVE-2013-2879
http://googlechromereleases.blogspot.nl/
ae651a4b-0a42-11e3-ba52-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

25 security fixes in this release, including:

  • [181617] High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
  • [254159] Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
  • [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
  • [260105] High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
  • [260156] High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
  • [260428] High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
  • [274602] CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).

Discovery 2013-08-20
Entry 2013-08-21
chromium
lt 29.0.1547.57

CVE-2013-2887
CVE-2013-2900
CVE-2013-2901
CVE-2013-2902
CVE-2013-2903
CVE-2013-2904
CVE-2013-2905
http://googlechromereleases.blogspot.nl/
69098c5c-fc4b-11e2-8ad0-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

Eleven vulnerabilities, including:

[257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.

[260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.

[260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.

[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.

[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.

[261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.


Discovery 2013-07-30
Entry 2013-08-03
chromium
lt 28.0.1500.95

CVE-2013-2881
CVE-2013-2882
CVE-2013-2883
CVE-2013-2884
CVE-2013-2885
CVE-2013-2886
http://www.googlechromereleases.blogspot.nl/
4865d189-cd62-11e2-ae11-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

[242322] Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla".

[242224] High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz.

[240124] High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz.

[239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to "cdel921".

[237022] High CVE-2013-2859: Cross-origin namespace pollution. to "bobbyholley".

[225546] High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne.

[209604] High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz.

[161077] High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG.

[232633] Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastian Marchand of the Chromium development community.

[239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.

[246389] High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.


Discovery 2013-06-04
Entry 2013-06-04
chromium
lt 27.0.1453.110

CVE-2013-2855
CVE-2013-2856
CVE-2013-2857
CVE-2013-2858
CVE-2013-2859
CVE-2013-2860
CVE-2013-2861
CVE-2013-2862
CVE-2013-2863
CVE-2013-2864
CVE-2013-2865
http://googlechromereleases.blogspot.nl/
358133b5-c2b9-11e2-a738-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek.

[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler.

[230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity.

[230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity.

[227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva.

[226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux.

[222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani.

[196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul).

[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.

[177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva.

[176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne.

[176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov.

[171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich.

[241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.


Discovery 2013-05-21
Entry 2013-05-22
chromium
lt 27.0.1453.93

CVE-2013-2836
CVE-2013-2837
CVE-2013-2838
CVE-2013-2839
CVE-2013-2840
CVE-2013-2841
CVE-2013-2842
CVE-2013-2843
CVE-2013-2844
CVE-2013-2845
CVE-2013-2846
CVE-2013-2847
CVE-2013-2848
CVE-2013-2849
http://googlechromereleases.blogspot.nl/search/Stable%20Updates
bdd48858-9656-11e2-a9a8-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.

[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).

[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.

[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.

[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to "t3553r".

[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[169632] Low CVE-2013-0924: Check an extension's permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.

[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.

[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).


Discovery 2013-03-26
Entry 2013-03-26
chromium
lt 26.0.1410.43

CVE-2013-0916
CVE-2013-0917
CVE-2013-0918
CVE-2013-0919
CVE-2013-0920
CVE-2013-0921
CVE-2013-0922
CVE-2013-0923
CVE-2013-0924
CVE-2013-0925
CVE-2013-0926
http://googlechromereleases.blogspot.nl/search/Stable%20Updates