Bug 800181

Summary:	<dev-qt/qtwebengine-5.15.2_p20210625: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Andreas Sturmlechner <asturm>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=796521 https://bugs.gentoo.org/show_bug.cgi?id=795204 https://bugs.gentoo.org/show_bug.cgi?id=792084 https://bugs.gentoo.org/show_bug.cgi?id=789420 https://bugs.gentoo.org/show_bug.cgi?id=785889
Whiteboard:	A2 [glsa+]
Package list:	dev-qt/qtwebengine-5.15.2_p20210625	Runtime testing required:	---
Bug Depends on:	787950
Bug Blocks:	792054, 795201, 810781

Description Andreas Sturmlechner gentoo-dev

2021-07-03 14:26:43 UTC

Too many really to keep track of.

See also: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based&qt=range&q=0b959ee2

Comment 1 Larry the Git Cow gentoo-dev

2021-07-04 20:40:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=393d361644d173d4ea6bfaaaa224f4a07ffef9bf

commit 393d361644d173d4ea6bfaaaa224f4a07ffef9bf
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-07-03 14:45:46 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-07-04 20:40:06 +0000

    dev-qt/qtwebengine: Drop 5.15.2_p20210521
    
    Overshadowed by 5.15.2_p20210625.
    
    Bug: https://bugs.gentoo.org/800181
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.2_p20210521.ebuild            | 215 ---------------------
 2 files changed, 216 deletions(-)

Comment 2 Andreas Sturmlechner gentoo-dev

2021-07-14 10:36:23 UTC

arches please stabilise.

Comment 3 Agostino Sarubbo gentoo-dev

2021-07-17 07:44:36 UTC

x86 stable

Comment 4 Sam James archtester

2021-07-18 00:33:33 UTC

amd64 done

Comment 5 Sam James archtester

2021-07-22 06:06:53 UTC

arm64 done

all arches done

Comment 6 Sam James archtester

2021-07-22 06:07:40 UTC

Please cleanup, thanks!

Comment 7 Larry the Git Cow gentoo-dev

2021-07-22 09:35:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e28eaa9c45fdfeb0c75271d0cf52e427032dd76

commit 1e28eaa9c45fdfeb0c75271d0cf52e427032dd76
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-07-22 09:28:29 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-07-22 09:35:34 +0000

    dev-qt/qtwebengine: 5.15.2_p20210421 security cleanup
    
    Bug: https://bugs.gentoo.org/800181
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../files/qtwebengine-5.15.2_p20210406-gcc11.patch | 126 -------
 .../files/qtwebengine-5.15.2_p20210406-icu69.patch |  92 -----
 .../qtwebengine-5.15.2_p20210421-qtbug-91773.patch | 372 ---------------------
 .../qtwebengine-5.15.2_p20210421.ebuild            | 218 ------------
 5 files changed, 809 deletions(-)

Comment 8 Andreas Sturmlechner gentoo-dev

2021-07-22 09:36:56 UTC

Cleanup done.

Comment 9 Andreas Sturmlechner gentoo-dev

2021-07-26 18:35:31 UTC

qt proj done anyway, ping security.

Comment 10 NATTkA bot gentoo-dev

2021-09-19 13:44:36 UTC

Unable to check for sanity:

> no match for package: dev-qt/qtwebengine-5.15.2_p20210625

Comment 11 John Helmert III archtester

2022-08-14 04:59:01 UTC

GLSA request filed

Comment 12 Larry the Git Cow gentoo-dev

2022-08-14 14:34:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)

Comment 13 Sam James archtester

2022-08-14 14:35:40 UTC

GLSA done, all done.