Mention vulnerabilities in www/chromium < 18.0.1025.151

Obtained from: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Security: CVE-2011-[3066-3077] Feature safe: yes
svn path=/head/; revision=294266
2025-02-06 11:41:52 +00:00 · 2012-04-05 20:59:08 +00:00 · 2012-04-05 20:59:08 +00:00 · 451d29f129 · 2021-03-31 03:12:20 +00:00
commit 451d29f129
parent f47e4ea737
1 changed files with 60 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -52,6 +52,66 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="057130e6-7f61-11e1-8a43-00262d5ed8ee">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>18.0.1025.151</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
+	  <p>[106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.	    Credit to miaubiz.</p>
+	  <p>[117583] Medium CVE-2011-3067: Cross-origin iframe replacement.
+	     Credit to Sergey Glazunov.</p>
+	  <p>[117698] High CVE-2011-3068: Use-after-free in run-in handling.
+	     Credit to miaubiz.</p>
+	  <p>[117728] High CVE-2011-3069: Use-after-free in line box handling.
+	     Credit to miaubiz.</p>
+	  <p>[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit
+	     to Google Chrome Security Team (SkyLined).</p>
+	  <p>[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement.
+	     Credit to pa_kt, reporting through HP TippingPoint ZDI
+	     (ZDI-CAN-1528).</p>
+	  <p>[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
+	     window.  Credit to Sergey Glazunov.</p>
+	  <p>[118593] High CVE-2011-3073: Use-after-free in SVG resource
+	     handling.  Credit to Arthur Gerkis.</p>
+	  <p>[119281] Medium CVE-2011-3074: Use-after-free in media handling.
+	     Credit to Slawomir Blazek.</p>
+	  <p>[119525] High CVE-2011-3075: Use-after-free applying style command.
+	     Credit to miaubiz.</p>
+	  <p>[120037] High CVE-2011-3076: Use-after-free in focus handling.
+	     Credit to miaubiz.</p>
+	  <p>[120189] Medium CVE-2011-3077: Read-after-free in script bindings.
+	     Credit to Google Chrome Security Team (Inferno).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2011-3066</cvename>
+      <cvename>CVE-2011-3067</cvename>
+      <cvename>CVE-2011-3068</cvename>
+      <cvename>CVE-2011-3069</cvename>
+      <cvename>CVE-2011-3070</cvename>
+      <cvename>CVE-2011-3071</cvename>
+      <cvename>CVE-2011-3072</cvename>
+      <cvename>CVE-2011-3073</cvename>
+      <cvename>CVE-2011-3074</cvename>
+      <cvename>CVE-2011-3075</cvename>
+      <cvename>CVE-2011-3076</cvename>
+      <cvename>CVE-2011-3077</cvename>
+      <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
+    </references>
+    <dates>
+      <discovery>2012-04-05</discovery>
+      <entry>2012-04-05</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="7289214f-7c55-11e1-ab3b-000bcdf0a03b">
    <topic>libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding</topic>
    <affects>