diff options
| author | Rene Ladan <rene@FreeBSD.org> | 2022-09-14 20:47:02 +0000 |
|---|---|---|
| committer | Rene Ladan <rene@FreeBSD.org> | 2022-09-14 20:47:02 +0000 |
| commit | 9d6797eb684b33c11f491d63e83aa05a3407b9b4 (patch) | |
| tree | 643d06772e1e531bb589d42cc71098f7415ab7b9 | |
| parent | 03a64c079938b46e4ed5a317d45418b42d80534e (diff) | |
| download | ports-9d6797eb684b33c11f491d63e83aa05a3407b9b4.tar.gz ports-9d6797eb684b33c11f491d63e83aa05a3407b9b4.zip | |
security/vuxml: add www/chromium < 105.0.5195.125
Obtained from: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
| -rw-r--r-- | security/vuxml/vuln-2022.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index b0bb4fbf124a..e6665539a83f 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,44 @@ + <vuln vid="b59847e0-346d-11ed-8fe9-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>105.0.5195.125</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"> + <p>This release includes 11 security fixes, including:</p> + <ul> + <li>[1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31</li> + <li>[1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30</li> + <li>[1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30</li> + <li>[1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23</li> + <li>[1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22</li> + <li>[1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22</li> + <li>[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-3195</cvename> + <cvename>CVE-2022-3196</cvename> + <cvename>CVE-2022-3197</cvename> + <cvename>CVE-2022-3198</cvename> + <cvename>CVE-2022-3199</cvename> + <cvename>CVE-2022-3200</cvename> + <cvename>CVE-2022-3201</cvename> + <url>https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html</url> + </references> + <dates> + <discovery>2022-09-14</discovery> + <entry>2022-09-14</entry> + </dates> + </vuln> + <vuln vid="4ebaa983-3299-11ed-95f8-901b0e9408dc"> <topic>dendrite -- Signature checks not applied to some retrieved missing events</topic> <affects> |