authorRene Ladan <rene@FreeBSD.org>2022-01-05 13:11:32 +0000
committerRene Ladan <rene@FreeBSD.org>2022-01-05 13:14:51 +0000
commit355c650718a5af17bd7d977253c1e6186e495f07 (patch)
tree6ae128fdc90688fb2af2ec431fd0b993ec3d3ccd
parent8e0a88f12d7715ae62ecde7b8782b153d70f1a24 (diff)
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit of the year. This cannot be done in its own commit because `make validate` complains in that case (even with a 0-byte vuln-2022.xml). Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
-rw-r--r--security/vuxml/files/tidy.xsl1
-rw-r--r--security/vuxml/vuln-2022.xml104
-rw-r--r--security/vuxml/vuln.xml4
3 files changed, 108 insertions, 1 deletions
diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl
index 8bf948a94b6e..e48c36c691c2 100644
--- a/security/vuxml/files/tidy.xsl
+++ b/security/vuxml/files/tidy.xsl
@@ -44,6 +44,7 @@ result in more namespace declarations than we wish.
<!ENTITY vuln-2019 SYSTEM "vuln-2019.xml">
<!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
<!ENTITY vuln-2021 SYSTEM "vuln-2021.xml">
+<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml">
]>
]]></xsl:text>
<xsl:apply-templates />
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
new file mode 100644
index 000000000000..d2a5f1dfed62
--- /dev/null
+++ b/security/vuxml/vuln-2022.xml
@@ -0,0 +1,104 @@
+ <vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>97.0.4692.71</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">
+ <p>This release contains 37 security fixes, including:</p>
+ <ul>
+ <li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in
+ Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
+ 2021-11-30</li>
+ <li>[1117173] High CVE-2022-0097: Inappropriate implementation in
+ DevTools. Reported by David Erceg on 2020-08-17</li>
+ <li>[1273609] High CVE-2022-0098: Use after free in Screen Capture.
+ Reported by @ginggilBesel on 2021-11-24</li>
+ <li>[1245629] High CVE-2022-0099: Use after free in Sign-in.
+ Reported by Rox on 2021-09-01</li>
+ <li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media
+ streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
+ Mobile Telecommunications Corp. Ltd. on 2021-08-10</li>
+ <li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
+ Reported by raven (@raid_akame) on 2021-09-14</li>
+ <li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
+ Brendon Tiszka on 2021-10-14</li>
+ <li>[1272266] High CVE-2022-0103: Use after free in SwiftShader.
+ Reported by Abraruddin Khan and Omair on 2021-11-21</li>
+ <li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
+ Reported by Abraruddin Khan and Omair on 2021-11-25</li>
+ <li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
+ Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
+ Corp. Ltd. on 2021-11-28</li>
+ <li>[1278960] High CVE-2022-0106: Use after free in Autofill.
+ Reported by Khalil Zhani on 2021-12-10</li>
+ <li>[1248438] Medium CVE-2022-0107: Use after free in File Manager
+ API. Reported by raven (@raid_akame) on 2021-09-10</li>
+ <li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in
+ Navigation. Reported by Luan Herrera (@lbherrera_) on
+ 2021-09-10</li>
+ <li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in
+ Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
+ Seoul National University on 2021-10-20</li>
+ <li>[1237310] Medium CVE-2022-0110: Incorrect security UI in
+ Autofill. Reported by Alesandro Ortiz on 2021-08-06</li>
+ <li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in
+ Navigation. Reported by garygreen on 2021-08-18</li>
+ <li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
+ UI. Reported by Thomas Orlita on 2021-10-04</li>
+ <li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in
+ Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li>
+ <li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in
+ Web Serial. Reported by Looben Yang on 2021-11-06</li>
+ <li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
+ Reported by Mark Brand of Google Project Zero on 2021-11-10</li>
+ <li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in
+ Compositing. Reported by Irvan Kurniawan (sourc7) on
+ 2021-11-20</li>
+ <li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
+ Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li>
+ <li>[1238631] Low CVE-2022-0118: Inappropriate implementation in
+ WebShare. Reported by Alesandro Ortiz on 2021-08-11</li>
+ <li>[1262953] Low CVE-2022-0120: Inappropriate implementation in
+ Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-0096</cvename>
+ <cvename>CVE-2022-0097</cvename>
+ <cvename>CVE-2022-0098</cvename>
+ <cvename>CVE-2022-0099</cvename>
+ <cvename>CVE-2022-0100</cvename>
+ <cvename>CVE-2022-0101</cvename>
+ <cvename>CVE-2022-0102</cvename>
+ <cvename>CVE-2022-0103</cvename>
+ <cvename>CVE-2022-0104</cvename>
+ <cvename>CVE-2022-0105</cvename>
+ <cvename>CVE-2022-0106</cvename>
+ <cvename>CVE-2022-0107</cvename>
+ <cvename>CVE-2022-0108</cvename>
+ <cvename>CVE-2022-0109</cvename>
+ <cvename>CVE-2022-0110</cvename>
+ <cvename>CVE-2022-0111</cvename>
+ <cvename>CVE-2022-0112</cvename>
+ <cvename>CVE-2022-0113</cvename>
+ <cvename>CVE-2022-0114</cvename>
+ <cvename>CVE-2022-0115</cvename>
+ <cvename>CVE-2022-0116</cvename>
+ <cvename>CVE-2022-0117</cvename>
+ <cvename>CVE-2022-0118</cvename>
+ <cvename>CVE-2022-0120</cvename>
+ <url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2022-01-04</discovery>
+ <entry>2022-01-05</entry>
+ </dates>
+ </vuln>
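Review bot: The first list item keeps the upstream reward placeholder, `[$TBD][1275020] Critical CVE-2022-0096`, while the other 23 items carry only the bug id, so the quoted list is inconsistent within itself; I would write it as `<li>[1275020] Critical CVE-2022-0096: Use after free in`. The list and the `<cvename>` block agree with each other at 24 ids each, but both jump from CVE-2022-0118 to CVE-2022-0120. That presumably mirrors the upstream post; it is worth confirming against the cited URL, since anyone matching installed packages by CVE id depends on the `<references>` block being complete.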
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 25512c70513c..845b3df9e509 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -19,9 +19,10 @@
<!ENTITY vuln-2019 SYSTEM "vuln-2019.xml">
<!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
<!ENTITY vuln-2021 SYSTEM "vuln-2021.xml">
+<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml">
]>
<!--
-Copyright 2003-2021 Jacques Vidrine and contributors
+Copyright 2003-2022 Jacques Vidrine and contributors
Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
HTML, PDF, PostScript, RTF and so forth) with or without modification,
@@ -77,6 +78,7 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+&vuln-2022;
&vuln-2021;
&vuln-2020;
&vuln-2019;
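Review bot: Nothing in the `Notes:` comment above `<vuxml>` records the new-year procedure this commit had to work out, namely that the `vuln-YYYY` entity must be declared in both `vuln.xml` and `files/tidy.xsl` and referenced here in the same commit that adds the first entry. I would add a bullet such as `* New year: declare vuln-YYYY in vuln.xml and files/tidy.xsl, put &vuln-YYYY; first in the list, and commit it with the first entry (make validate rejects an empty year file).` The comment block starts outside this hunk, so its existing wording is not fully visible. The 2022 entries also reach consumers only through an external SYSTEM entity, so a parser with external-entity loading switched off would presumably not see them; that seems worth stating in the same comment.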