Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 909778 - <dev-qt/qtwebengine-5.15.10_p20230623: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.10_p20230623: Multiple vulnerabilities...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 906857 qt-5.15.10-stable
Blocks: CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724, CVE-2023-2725, CVE-2023-2726 CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-2937, CVE-2023-2938, CVE-2023-2939, CVE-2023-2940, CVE-2023-2941, CVE-2023-3079 CVE-2023-3214, CVE-2023-3215, CVE-2023-3216, CVE-2023-3217 913050
  Show dependency tree
 
Reported: 2023-07-06 17:15 UTC by Andreas Sturmlechner
Modified: 2023-11-25 09:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2023-07-06 17:15:35 UTC 
* Fixup [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] Security bug 1447430
* [Backport] CVE-2023-2930: Use after free in Extensions
* [Backport] CVE-2023-3079: Type Confusion in V8
* [Backport] CVE-2023-3216: Type Confusion in V8
* [Backport] CVE-2023-2933: Use after free in PDF
* [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] CVE-2023-2932: Use after free in PDF
* [Backport] CVE-2023-2931: Use after free in PDF
* [Backport] Security bug 1444195
* [Backport] Security bug 1428743
* [Backport] CVE-2023-2721: Use after free in Navigation
Comment 1 Larry the Git Cow gentoo-dev 2023-07-06 17:17:08 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=889551ac2facf734cf81217fa3fbd3951c50e037

commit 889551ac2facf734cf81217fa3fbd3951c50e037
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-07-06 17:09:05 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-07-06 17:16:55 +0000

    dev-qt/qtwebengine: add 5.15.10_p20230623
    
    Bug: https://bugs.gentoo.org/909313
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.10_p20230623.ebuild           | 269 +++++++++++++++++++++
 2 files changed, 270 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-07-13 08:42:24 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb5fab846ae931348e67bfbb9449edcfd292b956

commit bb5fab846ae931348e67bfbb9449edcfd292b956
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-07-13 07:36:05 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-07-13 08:42:10 +0000

    dev-qt/qtwebengine: drop 5.15.9_p20230505, 5.15.10_p20230505
    
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.10_p20230505.ebuild           | 269 ---------------------
 .../qtwebengine-5.15.9_p20230505.ebuild            | 269 ---------------------
 3 files changed, 539 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-11-25 09:51:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)