Current www/chromium is marked as vulnerable on Google Chrome website[0]. --- vuln.xml.orig 2015-09-02 02:30:55.000000000 +0200 +++ vuln.xml 2015-09-02 12:18:45.643172000 +0200 @@ -58,6 +58,66 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1";>; + <vuln vid="a9350df8-5157-11e5-b5c1-e8e0b747a45a"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>45.0.2454.85</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml";>; + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.nl";>; + <p>29 security fixes in this release, including:</p> + <ul> + <li>[516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit + to anonymous.</li> + <li>[522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit + to Mariusz Mlynski.</li> + <li>[524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit + to Mariusz Mlynski.</li> + <li>[492263] High CVE-2015-1294: Use-after-free in Skia. Credit + to cloudfuzzer.</li> + <li>[502562] High CVE-2015-1295: Use-after-free in Printing. Credit + to anonymous.</li> + <li>[421332] High CVE-2015-1296: Character spoofing in omnibox. Credit + to zcorpan.</li> + <li>[510802] Medium CVE-2015-1297: Permission scoping error in Webrequest. Credit + to Alexander Kashev.</li> + <li>[518827] Medium CVE-2015-1298: URL validation error in extensions. Credit + to Rob Wu.</li> + <li>[416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit + to taro.suzuki.dev.</li> + <li>[511616] Medium CVE-2015-1300: Information leak in Blink. Credit + to cgvwzq.</li> + <li>[526825] CVE-2015-1301: Various fixes from internal audits, fuzzing and + other initiatives.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-1291</cvename> + <cvename>CVE-2015-1292</cvename> + <cvename>CVE-2015-1293</cvename> + <cvename>CVE-2015-1294</cvename> + <cvename>CVE-2015-1295</cvename> + <cvename>CVE-2015-1296</cvename> + <cvename>CVE-2015-1297</cvename> + <cvename>CVE-2015-1298</cvename> + <cvename>CVE-2015-1299</cvename> + <cvename>CVE-2015-1300</cvename> + <cvename>CVE-2015-1301</cvename> + <url>http://googlechromereleases.blogspot.nl</url>; + </references> + <dates> + <discovery>2015-09-01</discovery> + <entry>2015-09-02</entry> + </dates> + </vuln> + <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5"> <topic>ghostscript -- denial of service (crash) via crafted Postscript files</topic> <affects>
[0] http://googlechromereleases.blogspot.nl/2015/09/stable-channel-upda te.html -- Carlos Jacobo Puga Medina <c...@fbsd.es> PGP fingerprint = C60E 9497 5302 793B CC2D BB89 A1F3 5D66 E6D0 5453
--- vuln.xml.orig 2015-09-02 02:30:55.000000000 +0200 +++ vuln.xml 2015-09-02 12:18:45.643172000 +0200 @@ -58,6 +58,66 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1";> + <vuln vid="a9350df8-5157-11e5-b5c1-e8e0b747a45a"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>45.0.2454.85</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml";> + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.nl";> + <p>29 security fixes in this release, including:</p> + <ul> + <li>[516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit + to anonymous.</li> + <li>[522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit + to Mariusz Mlynski.</li> + <li>[524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit + to Mariusz Mlynski.</li> + <li>[492263] High CVE-2015-1294: Use-after-free in Skia. Credit + to cloudfuzzer.</li> + <li>[502562] High CVE-2015-1295: Use-after-free in Printing. Credit + to anonymous.</li> + <li>[421332] High CVE-2015-1296: Character spoofing in omnibox. Credit + to zcorpan.</li> + <li>[510802] Medium CVE-2015-1297: Permission scoping error in Webrequest. Credit + to Alexander Kashev.</li> + <li>[518827] Medium CVE-2015-1298: URL validation error in extensions. Credit + to Rob Wu.</li> + <li>[416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit + to taro.suzuki.dev.</li> + <li>[511616] Medium CVE-2015-1300: Information leak in Blink. Credit + to cgvwzq.</li> + <li>[526825] CVE-2015-1301: Various fixes from internal audits, fuzzing and + other initiatives.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-1291</cvename> + <cvename>CVE-2015-1292</cvename> + <cvename>CVE-2015-1293</cvename> + <cvename>CVE-2015-1294</cvename> + <cvename>CVE-2015-1295</cvename> + <cvename>CVE-2015-1296</cvename> + <cvename>CVE-2015-1297</cvename> + <cvename>CVE-2015-1298</cvename> + <cvename>CVE-2015-1299</cvename> + <cvename>CVE-2015-1300</cvename> + <cvename>CVE-2015-1301</cvename> + <url>http://googlechromereleases.blogspot.nl</url> + </references> + <dates> + <discovery>2015-09-01</discovery> + <entry>2015-09-02</entry> + </dates> + </vuln> + <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5"> <topic>ghostscript -- denial of service (crash) via crafted Postscript files</topic> <affects>
signature.asc
Description: This is a digitally signed message part
