From 34921a9d57dfccc296c4ac2aff7d3ed4d11e1923 Mon Sep 17 00:00:00 2001 From: Rene Ladan Date: Wed, 14 Apr 2021 19:46:52 +0200 Subject: Document new vulnerabilities in www/chromium < 89.0.4389.128 Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 950f3312ab7a..fbc7527f15ed 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + chromium -- multiple vulnerabilities + + + chromium + 89.0.4389.128 + + + + +

Chrome Releases reports:

+
+

This release contains two security fixes:

+
    +
  • [1196781] High CVE-2021-21206: Use after free in Blink. Reported + by Anonymous on 2021-04-07
  • +
  • [1196683] High CVE-2021-21220: Insufficient validation of + untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) + and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) + via ZDI (ZDI-CAN-13569) on 2021-04-07>
  • +
+
+ +
+ + CVE-2021-21206 + CVE-2021-21220 + https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html + + + 2021-04-13 + 2021-04-14 + +
+ xorg-server -- Input validation failures in X server XInput extension @@ -140,6 +175,7 @@ Notes: 2021-04-11 + syncthing -- crash due to malformed relay protocol message -- cgit v1.2.3
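Review bot: the CVE-2021-21220 list item in the new chromium entry ends with a stray ">" after the report date ("on 2021-04-07>"), which will appear in the rendered advisory text. Drop the character so the item ends "on 2021-04-07", matching the CVE-2021-21206 item above it.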
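Review bot: the second hunk (@@ -140,6 +175,7 @@) adds one line between the entry dated 2021-04-11 and the syncthing entry, which lies outside the chromium entry named in the subject. If this is an intentional cleanup, say so in the commit message; otherwise drop it so the commit touches only the new chromium entry.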