FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
19047673-c680-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

  • [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
  • [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25

Discovery 2024-02-06
Entry 2024-02-08
chromium
< 121.0.6167.160

ungoogled-chromium
< 121.0.6167.160

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1284
CVE-2024-1283
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
a11e7dd1-bed4-11ee-bdd6-4ccc6adda413qt5-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports:

Backports for 8 security bugs in Chromium:

  • [1505053] High CVE-2023-6345: Integer overflow in Skia
  • [1501326] High CVE-2023-6702: Type Confusion in V8
  • [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC
  • [1501798] High CVE-2024-0222: Use after free in ANGLE
  • [1505086] High CVE-2024-0224: Use after free in WebAudio
  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions
  • [1507412] High CVE-2024-0518: Type Confusion in V8
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8

Discovery 2024-01-08
Entry 2024-01-29
qt5-webengine
< 5.15.16.p5_4

CVE-2023-6345
CVE-2023-6702
CVE-2023-7024
CVE-2024-0222
CVE-2024-0224
CVE-2024-0333
CVE-2024-0518
CVE-2024-0519
https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based
bbcb1584-c068-11ee-bdd6-4ccc6adda413qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports:

Backports for 3 security bugs in Chromium:

  • [1505080] High CVE-2024-0807: Use after free in WebAudio
  • [1504936] Critical CVE-2024-0808: Integer underflow in WebUI
  • [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools

Discovery 2024-01-30
Entry 2024-01-31
qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_4

CVE-2024-0807
CVE-2024-0808
CVE-2024-0810
https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based
dc9e5237-c197-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
  • [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
  • [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13

Discovery 2024-01-30
Entry 2024-02-02
chromium
< 121.0.6167.139

ungoogled-chromium
< 121.0.6167.139

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1060
CVE-2024-1059
CVE-2024-1077
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html