Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 810781 - <dev-qt/qtwebengine-5.15.2_p20210824: Multiple vulnerabilities
Summary: <dev-qt/qtwebengine-5.15.2_p20210824: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/gentoo/gentoo/pull...
Whiteboard: B2 [glsa+]
Keywords: PullRequest
Depends on: 800181 811441
Blocks: 815397
  Show dependency tree
 
Reported: 2021-08-28 10:58 UTC by Andreas Sturmlechner
Modified: 2022-08-14 14:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2021-08-28 10:58:55 UTC 
Too many really to keep track of. Half of the linked bugs have severity=major.

See also: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based&qt=range&q=9f71911e
Comment 1 Larry the Git Cow gentoo-dev 2021-09-02 18:38:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65d22cb153e059dfec7e973a92c2dd95aad1730e

commit 65d22cb153e059dfec7e973a92c2dd95aad1730e
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-08-28 10:07:17 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-09-02 18:38:07 +0000

    dev-qt/qtwebengine: 5.15.2_p20210824 snapshot bump, EAPI-8 bump
    
    Snapshotted at:
    Branch: 5.15.6
    Commit: 2acbba86362ac3a1c2d8c20390dc263875f8f09c
    
    Additional cherry-pick from branch 5.15:
    Fix crash when clicking on a link in PDF
    Commit: 7f4a6ff45743cecbfe0dd14ef29afd0874a2ed39
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 9f71911e38c041cedc5291c5e772b7d03ce8b8c
    
    Bug: https://bugs.gentoo.org/810781
    Package-Manager: Portage-3.0.22, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.2_p20210824.ebuild            | 224 +++++++++++++++++++++
 2 files changed, 225 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-09-19 13:42:01 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd6fb46a681e8d3a3628fb13c92d459a022e1acd

commit fd6fb46a681e8d3a3628fb13c92d459a022e1acd
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-09-19 13:35:18 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-09-19 13:41:47 +0000

    dev-qt/qtwebengine: Drop vulnerable 5.15.2_p20210625
    
    Bug: https://bugs.gentoo.org/810781
    Package-Manager: Portage-3.0.23, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 ...qtwebengine-5.15.0-disable-fatal-warnings.patch |  10 -
 .../qtwebengine-5.15.2_p20210625.ebuild            | 224 ---------------------
 3 files changed, 235 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-19 13:46:06 UTC 
Thanks asturm!
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:59:02 UTC 
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 14:34:06 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:35:24 UTC 
GLSA done, all done.