FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ae651a4b-0a42-11e3-ba52-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

25 security fixes in this release, including:

  • [181617] High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
  • [254159] Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
  • [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
  • [260105] High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
  • [260156] High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
  • [260428] High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
  • [274602] CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).

Discovery 2013-08-20
Entry 2013-08-21
chromium
lt 29.0.1547.57

CVE-2013-2887
CVE-2013-2900
CVE-2013-2901
CVE-2013-2902
CVE-2013-2903
CVE-2013-2904
CVE-2013-2905
http://googlechromereleases.blogspot.nl/
3b80104f-e96c-11e2-8bac-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.

[252216] Low CVE-2013-2867: Block pop-unders in various scenarios.

[252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.

[252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.

[245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.

[244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.

[244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.

[243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.

[Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.

[241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.

[233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.

[229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.

[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.

[196636] None: Remove the "viewsource" attribute on iframes. Credit to Collin Jackson.

[177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.


Discovery 2013-07-09
Entry 2013-07-10
chromium
lt 28.0.1500.71

CVE-2013-2853
CVE-2013-2867
CVE-2013-2868
CVE-2013-2869
CVE-2013-2870
CVE-2013-2871
CVE-2013-2872
CVE-2013-2873
CVE-2013-2875
CVE-2013-2876
CVE-2013-2877
CVE-2013-2878
CVE-2013-2879
http://googlechromereleases.blogspot.nl/
69098c5c-fc4b-11e2-8ad0-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

Eleven vulnerabilities, including:

[257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.

[260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.

[260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.

[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.

[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.

[261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.


Discovery 2013-07-30
Entry 2013-08-03
chromium
lt 28.0.1500.95

CVE-2013-2881
CVE-2013-2882
CVE-2013-2883
CVE-2013-2884
CVE-2013-2885
CVE-2013-2886
http://www.googlechromereleases.blogspot.nl/