866332 – <dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...

Bug 866332 - <dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...

Summary: <dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	qt-5.15.7-stable
Blocks:	CVE-2022-2294 888181
	Show dependency tree

Reported:	2022-08-24 15:58 UTC by Andreas Sturmlechner
Modified:	2023-11-25 09:52 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2022-1853, CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861, CVE-2022-1862, CVE-2022-1863, CVE-2022-1864, CVE-2022-1865, CVE-2022-1866, CVE-2022-1867, CVE-2022-1868, CVE-2022-1869, CVE-2022-1870, CVE-2022-1871, CVE-2022-1872, CVE-2022-1873, CVE-2022-1874, CVE-2022-1875, CVE-2022-1876 CVE-2022-2007, CVE-2022-2010, CVE-2022-2011 CVE-2022-2156, CVE-2022-2157, CVE-2022-2158, CVE-2022-2160, CVE-2022-2161, CVE-2022-2162, CVE-2022-2164, CVE-2022-2165 CVE-2022-2295, CVE-2022-2296 CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481 CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2620, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624 CVE-2022-3370, CVE-2022-3373 CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448, CVE-2022-3449, CVE-2022-3450 CVE-2022-3195, CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Sturmlechner gentoo-dev

2022-08-24 15:58:50 UTC

Update Chromium5.15
Submodule src/3rdparty 7e11d69b..be349eaf:
  * [Backport] Security bug 1343889
  * [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * [Backport] CVE-2022-2477 : Use after free in Guest View
  * [Backport] CVE-2022-27406
  * [Backport] CVE-2022-27405 (2/2)
  * [Backport] CVE-2022-27405 (1/2)
  * [Backport] CVE-2022-27404
  * [Backport] Security bug 1287804
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
  * [Backport] CVE-2022-2295: Type Confusion in V8
  * [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
  * [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-2158: Type Confusion in V8
  * [Backport] Security bug 1316578
  * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
  * [Backport] CVE-2022-2010: Out of bounds read in compositing
  * [Backport] CVE-2022-1854: Use after free in ANGLE.
  * [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-1855: Use after free in Messaging
  * FIXUP: Fix url_utils for QtWebEngine

https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=2291526b04a09e126eff5785bbfb869b223c7fa2

Comment 1 Andreas Sturmlechner gentoo-dev

2022-08-24 16:04:08 UTC

There is also CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 (bug 840224) but the ebuild depends on media-libs/freetype so I assume it is using system-freetype.

Comment 2 Morteza 2022-10-06 22:14:56 UTC

Any progress on these cve?

Comment 3 Larry the Git Cow gentoo-dev

2022-11-29 20:51:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b29d1aa9e776bef58cf639b10bdbe4d21a236d7c

commit b29d1aa9e776bef58cf639b10bdbe4d21a236d7c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-11-29 19:32:46 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-11-29 20:50:29 +0000

    dev-qt/qtwebengine: add 5.15.7_p20221122
    
    Snapshotted at:
    Branch: 5.15
    Commit: 5d89f26414471689a9626515d098104e38bacbda
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 20f20a41961ae1f63cf04a02f743cd2d9892a3b0
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/866332
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.7_p20221122.ebuild            | 282 +++++++++++++++++++++
 2 files changed, 283 insertions(+)

Comment 4 Andreas Sturmlechner gentoo-dev

2022-11-29 21:24:04 UTC

[Backport] Security bug 137891687-based
Fixup the patch for CVE-2022-3200 on 87-based / 5.15
[Backport] CVE-2022-3200: Heap buffer overflow in Internals
[Backport] CVE-2022-3887: Use after free in Web Workers
[Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
[Backport] CVE-2022-3889: Type Confusion in V8
[Backport] CVE-2022-3885: Use after free in V8
[Backport] CVE-2022-3445: Use after free in Skia.
[Backport] CVE-2022-3373: Out of bounds write in V8
Fix building with XCode 14.1
[Backport] CVE-2022-3046: Use after free in Browser Tag
[Backport] CVE-2022-3446 and CVE-2022-35737
[Backport] CVE-2022-3304: Use after free in CSS
[Backport] CVE-2022-3201: Insufficient validation of untrusted input in Devel...
[Backport] Security bug 1356308
[Backport] CVE-2022-3370: Use after free in Custom Elements
[Backport] Security bugs 1346938 and 1338114
[Backport] CVE-2022-3199: Use after free in Frames.
[Backport] CVE-2022-3198: Use after free in PDF
[Backport] CVE-2022-3197: Use after free in PDF
[Backport] CVE-2022-3196: Use after free in PDF
[Backport] CVE-2022-3075: Insufficient data validation in Mojo
[Backport] CVE-2022-3040: Use after free in Layout
[Backport] CVE-2022-3041: Use after free in WebSQL
[Backport] CVE-2022-3038: Use after free in Network Service

Comment 5 Larry the Git Cow gentoo-dev

2022-12-06 17:07:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acd584359ad952899442a4d7a0187df45e33fc7c

commit acd584359ad952899442a4d7a0187df45e33fc7c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-12-05 20:09:19 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-12-06 17:05:58 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.5_p20220618
    
    Bug: https://bugs.gentoo.org/866332
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.5_p20220618.ebuild            | 283 ---------------------
 2 files changed, 284 deletions(-)

Comment 6 Larry the Git Cow gentoo-dev

2023-11-25 09:51:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)