Bug 904290 - <dev-qt/qtwebengine-5.15.9_p20230421: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.9_p20230421: Multiple vulnerabilities...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 903544 qt-5.15.9-stable
Blocks: 906857
Reported: 2023-04-13 22:03 UTC by Andreas Sturmlechner
Modified: 2023-11-25 09:53 UTC
Description Andreas Sturmlechner gentoo-dev 2023-04-13 22:03:18 UTC
Danil Somsikov (1):
      [Backport] Security bug 1337747

Geoff Lang (2):
      [Backport] CVE-2023-1534: Out of bounds read in ANGLE
      [Backport] CVE-2023-1531: Use after free in ANGLE

Hongchan Choi (1):
      [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API

Matt Reynolds (1):
      [Backport] CVE-2023-1529: Out of bounds memory access in WebHID

Peter Boström (1):
      [Backport] Security bug 1418734

Robert Sesek (1):
      [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting

Steinar H. Gunderson (1):
      [Backport] CVE-2023-1215: Type Confusion in CSS

Tobias Tebbi (1):
      [Backport] Security bug 1417585

Tom Sepez (1):
      [Backport] CVE-2023-1530: Use after free in PDF (1/2)

Will Harris (4):
      [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3)
      [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3)
      [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3)
      [Backport] CVE-2023-1220: Heap buffer overflow in UMA
Comment 1 Jouni Kosonen 2023-04-14 16:52:10 UTC
s/5.15.8/5.15.9/ – is this why qtwebengine-5.15.9_p20230404.tar.xz hasn't made it to distfiles (see bug 904301)?
Comment 2 Larry the Git Cow gentoo-dev 2023-04-22 18:09:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8f07a7c7c14f7dd71fce70c31fa6603eeb43f63

commit a8f07a7c7c14f7dd71fce70c31fa6603eeb43f63
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-04-22 16:49:21 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-04-22 18:09:33 +0000

    dev-qt/qtwebengine: add 5.15.9_p20230421
    
    Bug: https://bugs.gentoo.org/904373
    Bug: https://bugs.gentoo.org/904290
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.9_p20230421-gcc-13.patch      | 134 ++++++++++
 .../qtwebengine-5.15.9_p20230421.ebuild            | 272 +++++++++++++++++++++
 3 files changed, 407 insertions(+)
Comment 3 Andreas Sturmlechner gentoo-dev 2023-04-22 18:12:08 UTC
[Backport] CVE-2023-1530: Use after free in PDF (2/2)
Comment 4 Larry the Git Cow gentoo-dev 2023-05-01 12:54:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fe03d5d0bc73539c6f9951bc8d8c642400cd903

commit 2fe03d5d0bc73539c6f9951bc8d8c642400cd903
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-01 11:53:48 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-01 12:53:25 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.8_p20230313
    
    Bug: https://bugs.gentoo.org/904290
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.8_p20230313.ebuild            | 266 ---------------------
 2 files changed, 267 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2023-11-25 09:51:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)