[Git][security-tracker-team/security-tracker][master] Track CVEs for chromium upload to unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 16 08:06:54 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5b41c60 by Salvatore Bonaccorso at 2023-08-16T09:03:34+02:00
Track CVEs for chromium upload to unstable
Note for reviewers: CVE-2023-2312 is slightly unclear if it is Android
specific or not.
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
lists it. But the cve.org CVE record on it mentions only "on Android".
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,64 +3,64 @@ CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as
CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...)
NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS
CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...)
NOT-FOR-US: Broadcom RAID Controller web interface
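Review bot: The platform question the commit message raises for CVE-2023-2312 also applies to four entries in this hunk. The descriptions of CVE-2023-4363, CVE-2023-4361 and CVE-2023-4350 read "in Google Chrome on Android" and CVE-2023-4359 reads "in Google Chrome on iOS", yet all four receive the same "- chromium 116.0.5845.96-1" line as the desktop issues, while CVE-2023-4369 (ChromeOS) just above is NOT-FOR-US. If the shared Chromium source is the reason these are tracked against the Debian package, a short NOTE: line on each would make that explicit; otherwise "- chromium <not-affected>" with the platform as the reason would be consistent with how the ChromeOS entry is handled.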
@@ -12236,7 +12236,7 @@ CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windo
- chromium 112.0.5615.49-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...)
- - chromium <unfixed>
+ - chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
{DSA-5386-1}
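Review bot: The uncertainty about CVE-2023-2312 is recorded only in the commit message, so a reader of data/CVE/list sees "- chromium 116.0.5845.96-1" next to a description that says "on Android" with no explanation. Consider adding a NOTE: line under this entry pointing at the Chrome release post cited in the commit message and stating that the CVE record mentions only Android, so the basis for the fixed version stays with the data.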
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b41c60c503a3e400f4011f1493845042e1c3ec