Bug 679650

Summary:	<dev-qt/qtwebengine-5.12.2: Use-after-free in FileReader (CVE-2019-5786)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	qt, remy, soprwa
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugreports.qt.io/browse/QTBUG-74254
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	685260
Bug Blocks:	679646

Description GLSAMaker/CVETool Bot gentoo-dev

2019-03-06 22:37:53 UTC

CVE-2019-5786 (https://nvd.nist.gov/vuln/detail/CVE-2019-5786):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-03-06 22:39:56 UTC

https://gitweb.gentoo.org/proj/qt.git/commit/?id=32d376215b9ba05ff3d8abe9b76a36b08b1a6f7b

Comment 2 Michael Palimaka (kensington) gentoo-dev

2019-03-31 10:43:54 UTC

This is fixed in 5.12.2, with no ETA on stabilisation at this stage.

Comment 3 Andreas Sturmlechner gentoo-dev

2019-06-06 20:40:05 UTC

Cleanup done in 399317bde8cd3cf248fdec679bc9f17107197065.