author | Rene Ladan <rene@FreeBSD.org> | 2016-09-13 19:10:33 +0000 |
---|---|---|
committer | Rene Ladan <rene@FreeBSD.org> | 2016-09-13 19:10:33 +0000 |
commit | de9d50ff13456d5d2afc0874097a54e2e10e9b68 (patch) | |
tree | 6ef8d6f21838618ab1703c09b2884035fb888b49 /security | |
parent | 417ae507414d33538bf0a480776577f3ae9589cf (diff) |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b48aa8f9b25c..1757d40dbf21 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,99 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="769ba449-79e1-11e6-bf75-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>53.0.2785.92</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html"> + <p>33 security fixes in this release, including:</p> + <ul> + <li>[628942] High CVE-2016-5147: Universal XSS in Blink. Credit to + anonymous</li> + <li>[621362] High CVE-2016-5148: Universal XSS in Blink. Credit to + anonymous</li> + <li>[573131] High CVE-2016-5149: Script injection in extensions. + Credit to Max Justicz (http://web.mit.edu/maxj/www/)</li> + <li>[637963] High CVE-2016-5150: Use after free in Blink. Credit to + anonymous</li> + <li>[634716] High CVE-2016-5151: Use after free in PDFium. Credit to + anonymous</li> + <li>[629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[631052] High CVE-2016-5153: Use after destruction in Blink. + Credit to Atte Kettunen of OUSPG</li> + <li>[633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to + anonymous</li> + <li>[630662] High CVE-2016-5155: Address bar spoofing. Credit to + anonymous</li> + <li>[625404] High CVE-2016-5156: Use after free in event bindings. + Credit to jinmo123</li> + <li>[632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to + anonymous</li> + <li>[628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[622420] Medium CVE-2016-5161: Type confusion in Blink. 
Credit + to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro's + Zero Day Initiative</li> + <li>[589237] Medium CVE-2016-5162: Extensions web accessible + resources bypass. Credit to Nicolas Golubovic</li> + <li>[609680] Medium CVE-2016-5163: Address bar spoofing. Credit to + Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)</li> + <li>[637594] Medium CVE-2016-5164: Universal XSS using DevTools. + Credit to anonymous</li> + <li>[618037] Medium CVE-2016-5165: Script injection in DevTools. + Credit to Gregory Panakkal</li> + <li>[616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page + As. Credit to Gregory Panakkal</li> + <li>[576867] Low CVE-2016-5160: Extensions web accessible resources + bypass. Credit to @l33terally, FogMarks.com (@FogMarks)</li> + <li>[642598] CVE-2016-5167: Various fixes from internal audits, + fuzzing and other initiatives.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-5147</cvename> + <cvename>CVE-2016-5148</cvename> + <cvename>CVE-2016-5149</cvename> + <cvename>CVE-2016-5150</cvename> + <cvename>CVE-2016-5151</cvename> + <cvename>CVE-2016-5152</cvename> + <cvename>CVE-2016-5153</cvename> + <cvename>CVE-2016-5154</cvename> + <cvename>CVE-2016-5155</cvename> + <cvename>CVE-2016-5156</cvename> + <cvename>CVE-2016-5157</cvename> + <cvename>CVE-2016-5158</cvename> + <cvename>CVE-2016-5159</cvename> + <cvename>CVE-2016-5160</cvename> + <cvename>CVE-2016-5161</cvename> + <cvename>CVE-2016-5162</cvename> + <cvename>CVE-2016-5163</cvename> + <cvename>CVE-2016-5164</cvename> + <cvename>CVE-2016-5165</cvename> + <cvename>CVE-2016-5166</cvename> + <cvename>CVE-2016-5167</cvename> + <url>https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html</url> + </references> + <dates> + <discovery>2016-08-31</discovery> + <entry>2016-09-13</entry> + </dates> + </vuln> + <vuln vid="958b9cee-79da-11e6-bf75-3065ec8fd3ec"> <topic>chromium -- multiple 
vulnerabilities</topic> <affects> |
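Review bot: The `cite` attribute on the `<blockquote>` and the `<url>` in `<references>` both use the country-specific host googlechromereleases.blogspot.nl, which looks like a regional redirect picked up from the committer's browser rather than the address the advisory is published under. I would use the googlechromereleases.blogspot.com form of the same path in both places, so the reference does not depend on a per-country redirect staying in place. The rest of the entry is consistent with itself: the 21 CVE names in `<references>` (CVE-2016-5147 through CVE-2016-5167) match the 21 items in the quoted list, and the `<lt>53.0.2785.92</lt>` range covers all three package names.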