[Git][security-tracker-team/security-tracker][master] Track CVEs for chromium upload to unstable

Wed Aug 16 08:06:54 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5b41c60 by Salvatore Bonaccorso at 2023-08-16T09:03:34+02:00
Track CVEs for chromium upload to unstable

Note for reviewers: CVE-2023-2312 is slightly unclear if it is Android
specific or not.

https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

lists it. But the cve.org CVE record on it mentions only "on Android".

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,64 +3,64 @@ CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as
 CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...)
 	NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS
 CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed  ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96  ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...)
 	NOT-FOR-US: Broadcom RAID Controller web interface
@@ -12236,7 +12236,7 @@ CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windo
 	- chromium 112.0.5615.49-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...)
-	- chromium <unfixed>
+	- chromium 116.0.5845.96-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
 	{DSA-5386-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b41c60c503a3e400f4011f1493845042e1c3ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b41c60c503a3e400f4011f1493845042e1c3ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230816/677ebef9/attachment-0001.htm>
