Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5b41c60 by Salvatore Bonaccorso at 2023-08-16T09:03:34+02:00
Track CVEs for chromium upload to unstable

Note for reviewers: CVE-2023-2312 is slightly unclear if it is Android specific or not. https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html lists it. But the cve.org CVE record on it mentions only "on Android".

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -3,64 +3,64 @@ CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...) NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...) 
- - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...) 
- - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...) NOT-FOR-US: Broadcom RAID Controller web interface @@ -12236,7 +12236,7 @@ CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windo - chromium 112.0.5615.49-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...) - - chromium <unfixed> + - chromium 116.0.5845.96-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-5386-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b41c60c503a3e400f4011f1493845042e1c3ec
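Review bot: In the first hunk, CVE-2023-4363, CVE-2023-4361 and CVE-2023-4350 are described as "on Android" and CVE-2023-4359 as "on iOS", yet each is moved from <unfixed> to 116.0.5845.96-1 exactly like the cross-platform entries, and the commit message raises the platform question only for CVE-2023-2312. A fixed version implies that earlier Debian uploads were affected, so if these four do not apply to the desktop build the entries overstate exposure. Either confirm that the Debian package carries the affected code, or record the platform question next to each of the four entries so it lives in data/CVE/list and not only in the commit log.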
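Review bot: In the second hunk, CVE-2023-2312 is given the fixed version 116.0.5845.96-1 although its description reads "on Android prior to 116.0.5 ..." and the commit message itself calls the Android scope unclear. That reasoning is kept only in the commit message, where a later reader of data/CVE/list will not see it. A note line under the entry that cites both the Chrome release post and the cve.org record would explain why the issue is tracked as fixed by the desktop upload and make it easy to revisit if the record is clarified.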
