Bug 888181 - <dev-qt/qtwebengine-5.15.8_p20230112: Multiple vulnerabilities...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 866332 qt-5.15.8-stable
Blocks: CVE-2022-3201, CVE-2022-4174, CVE-2022-4175, CVE-2022-4176, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4182, CVE-2022-4183, CVE-2022-4184, CVE-2022-4185, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4191, CVE-2022-4192, CVE-2022-4193, CVE-2022-4194, CVE-2022-4195, CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440, 903544
Reported: 2022-12-24 16:33 UTC by Andreas Sturmlechner
Modified: 2023-11-25 09:52 UTC
Description Andreas Sturmlechner gentoo-dev 2022-12-24 16:33:52 UTC
In anticipation of Qt 5.15.8 bump early next year...


[Backport] CVE-2022-4179: Use after free in Audio87-based
Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
[Backport] CVE-2022-4262: Type Confusion in V8
Bump V8_PATCH_LEVEL
[Backport] CVE-2022-4174: Type Confusion in V8
[Backport] CVE-2022-4180: Use after free in Mojo
[Backport] CVE-2022-4181: Use after free in Forms
[Backport] CVE-2022-3201: Insufficient validation of untrusted input in Devel...
[Backport] Security bug 1378916
Comment 1 Larry the Git Cow gentoo-dev 2023-01-08 21:45:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0246bf815604f1c99d0a57896a9ed6bd3e18ca9

commit b0246bf815604f1c99d0a57896a9ed6bd3e18ca9
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-08 21:05:42 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-08 21:44:58 +0000

    dev-qt/qtwebengine: add 5.15.8_p20230106
    
    Snapshotted at:
    Branch: 5.15
    Commit: 38e0df6c6e5a1186b68df9b3d6f4cafbb211f2da
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: ce9155cc73d8a94f1536b96e841c0aee2ff7d921
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 ...gine-5.15.8_p20230106-v8-opcode-constexpr.patch |  43 ++++
 .../qtwebengine-5.15.8_p20230106-widevine.patch    |  82 ++++++
 .../qtwebengine-5.15.8_p20230106.ebuild            | 284 +++++++++++++++++++++
 4 files changed, 410 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-01-15 12:36:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90c0da93ba084e79f9e5468d1b3759bc0a351a89

commit 90c0da93ba084e79f9e5468d1b3759bc0a351a89
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-14 12:12:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-15 12:36:32 +0000

    dev-qt/qtwebengine: add 5.15.8_p20230112
    
    Fixes CVE-2022-4437 and CVE-2022-4438.
    
    Snapshotted at:
    Branch: 5.15
    Commit: 38e0df6c6e5a1186b68df9b3d6f4cafbb211f2da
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 97a1254923022e66fa75245c3ace64f58112cba6
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/888946
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.8_p20230112.ebuild            | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2023-01-24 09:45:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eaa7be44ddbf8aa370024de0ccfe9b96b6df3637

commit eaa7be44ddbf8aa370024de0ccfe9b96b6df3637
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-23 19:22:32 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-24 09:34:52 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.7_p20221122
    
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.7_p20221122.ebuild            | 282 ---------------------
 2 files changed, 283 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2023-11-25 09:51:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)