FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369686
Date:      2014-10-01
Time:      03:40:03Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e62ab2af-4df4-11e3-b0cf-00262d5ed8eechromium -- multiple memory corruption issues

Google Chrome Releases reports:

[319117] [319125] Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie.


Discovery 2013-11-14
Entry 2013-11-15
chromium
lt 31.0.1650.57

CVE-2013-6632
http://googlechromereleases.blogspot.nl/
5acf4638-7e2c-11e3-9fba-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

11 security fixes in this release, including:

  • [249502] High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
  • [326854] High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
  • [324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
  • [321940] High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
  • [318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.
  • [333036] CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2014-01-14
Entry 2014-01-15
chromium
lt 32.0.1700.77

CVE-2013-6641
CVE-2013-6642
CVE-2013-6643
CVE-2013-6644
CVE-2013-6645
CVE-2013-6646
http://googlechromereleases.blogspot.nl/
e5414d0c-2ade-11e3-821d-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

50 security fixes in this release, including:

  • [223962][270758][271161][284785][284786] Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.
  • [260667] Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.
  • [265221] Medium CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. Credit to Chamal de Silva.
  • [265838][279277] High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.
  • [269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
  • [271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.
  • [276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
  • [278908] High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.
  • [279263] High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.
  • [280512] Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.
  • [281256] High CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. Credit to Masato Kinugawa.
  • [281480] Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
  • [282088] High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
  • [282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.
  • [285742] Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.
  • [286414] High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
  • [286975] High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.
  • [299016] CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).
  • [275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.

Discovery 2013-10-01
Entry 2013-10-01
chromium
lt 30.0.1599.66

CVE-2013-2906
CVE-2013-2907
CVE-2013-2908
CVE-2013-2909
CVE-2013-2910
CVE-2013-2911
CVE-2013-2912
CVE-2013-2913
CVE-2013-2914
CVE-2013-2915
CVE-2013-2916
CVE-2013-2917
CVE-2013-2918
CVE-2013-2919
CVE-2013-2920
CVE-2013-2921
CVE-2013-2922
CVE-2013-2923
CVE-2013-2924
http://googlechromereleases.blogspot.nl/
710cd5d5-35cb-11e3-85f9-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

5 security fixes in this release, including:

  • [292422] High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG.
  • [294456] High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
  • [297478] High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer.
  • [305790] High CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2013-10-15
Entry 2013-10-15
chromium
lt 30.0.1599.101

CVE-2013-2925
CVE-2013-2926
CVE-2013-2927
CVE-2013-2928
http://googlechromereleases.blogspot.nl/
79356040-5da4-11e3-829e-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

15 security fixes in this release, including:

  • [307159] Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets.
  • [314469] High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
  • [322959] Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis.
  • [325501] CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
  • [319722] Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
  • [319835] High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
  • [319860] Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.

Discovery 2013-12-04
Entry 2013-12-05
chromium
lt 31.0.1650.63

CVE-2013-6634
CVE-2013-6635
CVE-2013-6636
CVE-2013-6637
CVE-2013-6638
CVE-2013-6639
CVE-2013-6640
http://googlechromereleases.blogspot.nl/
3bfc7016-4bcc-11e3-b0cf-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

25 security fixes in this release, including:

  • [268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
  • [272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer.
  • [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
  • [290566] High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler.
  • [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
  • [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva.
  • [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined.
  • [306959] Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
  • [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
  • [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
  • [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
  • [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project.

Discovery 2013-11-12
Entry 2013-11-12
chromium
lt 31.0.1650.48

CVE-2013-2931
CVE-2013-6621
CVE-2013-6622
CVE-2013-6623
CVE-2013-6624
CVE-2013-6625
CVE-2013-6626
CVE-2013-6627
CVE-2013-6628
CVE-2013-6629
CVE-2013-6630
CVE-2013-6631
http://googlechromereleases.blogspot.nl/