927746 – <dev-qt/qtwebengine-5.15.13_p20240322: Multiple vulnerabilities

Bug 927746 - <dev-qt/qtwebengine-5.15.13_p20240322: Multiple vulnerabilities

Summary: <dev-qt/qtwebengine-5.15.13_p20240322: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa+]
Keywords:	PullRequest

Depends on:	922189 qt-5.15.13-stable
Blocks:	CVE-2024-1283, CVE-2024-1284 CVE-2024-0804, CVE-2024-0805, CVE-2024-0806, CVE-2024-0807, CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-0813, CVE-2024-0814 CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
	Show dependency tree

Reported:	2024-03-24 19:25 UTC by Andreas Sturmlechner
Modified:	2024-05-15 18:42 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/36106 CVE-2023-7104, CVE-2024-3157, CVE-2024-3516
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Sturmlechner gentoo-dev

2024-03-24 19:25:27 UTC

[Backport] Security bug 325296797
Fixup for: Fixup for [Backport] Security bug 1519980
[Backport] CVE-2024-1059: Use after free in WebRTC
[Backport] Security bug 1518994
Fixup for [Backport] Security bug 1519980
[Backport] CVE-2024-1283: Heap buffer overflow in Skia
[Backport] CVE-2024-1060: Use after free in Canvas
[Backport] CVE-2024-1077: Use after free in Network
[Backport] Security bug 1519980
[Backport] CVE-2024-0808: Integer underflow in WebUI
[Backport] CVE-2024-0807: Use after free in WebAudio
[Backport] Security bug 1511689

Comment 1 Larry the Git Cow gentoo-dev

2024-04-05 15:01:20 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01b2aa626e4e6ba9171d4194c47e2ad74a53f41d

commit 01b2aa626e4e6ba9171d4194c47e2ad74a53f41d
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-04-04 18:34:51 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-04-05 15:00:59 +0000

    dev-qt/qtwebengine: drop 5.15.12_p20240122
    
    Closes: https://bugs.gentoo.org/636242
    Bug: https://bugs.gentoo.org/927746
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   4 -
 .../qtwebengine-5.15.12_p20240122.ebuild           | 279 ---------------------
 2 files changed, 283 deletions(-)

Comment 2 Larry the Git Cow gentoo-dev

2024-05-05 08:20:27 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=adc29f075f4d42d41919d75c72e68c5da42f5035

commit adc29f075f4d42d41919d75c72e68c5da42f5035
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-05 08:20:02 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-05 08:20:22 +0000

    [ GLSA 202405-14 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/927746
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-14.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)