From 35f60bf5080bab331e18991d3aa7a8a479c9b7de Mon Sep 17 00:00:00 2001 From: Rene Ladan Date: Tue, 12 Nov 2013 19:08:37 +0000 Subject: Document new vulnerabilities in www/chromium < 31.0.1650.48 Obtained from: http://googlechromereleases.blogspot.nl/ --- security/vuxml/vuln.xml | 63 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8120e9229f7e..023b6c6f568e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,69 @@ Note: Please add new entries to the beginning of this file. --> + + chromium -- multiple vulnerabilities + + + chromium + 31.0.1650.48 + + + + +

Google Chrome Releases reports:

+
+

25 security fixes in this release, including:

+
    +
  • [268565] Medium CVE-2013-6621: Use after free related to speech input elements. + Credit to Khalil Zhani.
    • +
  • [272786] High CVE-2013-6622: Use after free related to media elements. Credit + to cloudfuzzer.
    • +
  • [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
    • +
  • [290566] High CVE-2013-6624: Use after free related to “id” attribute strings. + Credit to Jon Butler.
    • +
  • [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to + cloudfuzzer.
    • +
  • [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial + warnings. Credit to Chamal de Silva.
    • +
  • [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to + skylined.
    • +
  • [306959] Medium CVE-2013-6628: Issue with certificates not being checked + during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan + Bhargavan from Prosecco of INRIA Paris.
    • +
  • [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, + fuzzing and other initiatives.
    • +
  • [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and + libjpeg-turbo. Credit to Michal Zalewski of Google.
    • +
  • [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. + Credit to Michal Zalewski of Google.
    • +
  • [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik + Höglund of the Chromium project.
    • +
+
+ + + + CVE-2013-2931 + CVE-2013-6621 + CVE-2013-6622 + CVE-2013-6623 + CVE-2013-6624 + CVE-2013-6625 + CVE-2013-6626 + CVE-2013-6627 + CVE-2013-6628 + CVE-2013-6629 + CVE-2013-6630 + CVE-2013-6631 + http://googlechromereleases.blogspot.nl/ + + + 2013-11-12 + 2013-11-12 + + + OpenSSH -- Memory corruption in sshd -- cgit v1.2.3