FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
963413a5-bf50-11e3-a2d6-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

31 vulnerabilies fixed in this release, including:

  • [354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
  • [353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
  • [348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
  • [343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
  • [356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
  • [350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
  • [330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
  • [337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
  • [327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
  • [357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
  • [346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
  • [342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
  • [360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
  • [345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.

Discovery 2014-04-08
Entry 2014-04-08
chromium
lt 34.0.1847.116

CVE-2014-1716
CVE-2014-1717
CVE-2014-1718
CVE-2014-1719
CVE-2014-1720
CVE-2014-1721
CVE-2014-1722
CVE-2014-1723
CVE-2014-1724
CVE-2014-1725
CVE-2014-1726
CVE-2014-1727
CVE-2014-1728
CVE-2014-1729
http://googlechromereleases.blogspot.nl/
cdf450fc-db52-11e3-a9fc-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

3 security fixes in this release:

  • [358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne.
  • [349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler.
  • [356690] High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer.

Discovery 2014-05-13
Entry 2014-05-14
chromium
lt 34.0.1847.137

CVE-2014-1740
CVE-2014-1741
CVE-2014-1742
http://googlechromereleases.blogspot.nl/
a70966a1-ac22-11e3-8d04-00262d5ed8eewww/chromium -- multiple vulnerabities

Google Chrome Releases reports:

New vulnerabilites after the Pwn2Own competition:

  • [352369] Code execution outside sandbox. Credit to VUPEN.
    • [352374] High CVE-2014-1713: Use-after-free in Blink bindings
    • [352395] High CVE-2014-1714: Windows clipboard vulnerability
  • [352420] Code execution outside sandbox. Credit to Anonymous.
    • [351787] High CVE-2014-1705: Memory corruption in V8
    • [352429] High CVE-2014-1715: Directory traversal issue

Discovery 2014-03-14
Entry 2014-03-15
chromium
lt 33.0.1750.152

CVE-2014-1705
CVE-2014-1713
CVE-2014-1714
CVE-2014-1715
http://googlechromereleases.blogspot.nl/
64f3872b-e05d-11e3-9dd4-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

23 security fixes in this release, including:

  • [356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
  • [359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
  • [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
  • [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
  • [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
  • [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Discovery 2014-05-20
Entry 2014-05-20
chromium
lt 35.0.1916.114

CVE-2014-1743
CVE-2014-1744
CVE-2014-1745
CVE-2014-1746
CVE-2014-1747
CVE-2014-1748
CVE-2014-1749
CVE-2014-3152
http://googlechromereleases.blogspot.nl/
0b0fb9b0-f0fb-11e3-9bcd-000c6e25e3e9chromium -- multiple vulnerabilities

Google Chrome Releases reports:

4 security fixes in this release, including:

  • [369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
  • [369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
  • [369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.
  • [368980] CVE-2014-3157: Heap overflow in media.

Discovery 2014-06-10
Entry 2014-06-10
chromium
lt 35.0.1916.153

CVE-2014-3154
CVE-2014-3155
CVE-2014-3156
CVE-2014-3157
http://googlechromereleases.blogspot.nl
7cf25a0c-d031-11e3-947b-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports (belatedly):

9 security fixes in this release, including:

  • [354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
  • [349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
  • [359802] High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative.
  • [352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani.
  • [351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis.
  • [367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
  • [359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

Discovery 2014-04-24
Entry 2014-04-30
chromium
lt 34.0.1847.132

CVE-2014-1730
CVE-2014-1731
CVE-2014-1732
CVE-2014-1733
CVE-2014-1734
CVE-2014-1735
CVE-2014-1736
http://googlechromereleases.blogspot.nl/