| Summary: | <dev-qt/qtwebengine-5.15.3_p20220310: Multiple vulnerabilities... | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Andreas Sturmlechner <asturm> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | qt, voron1 |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=830642 https://bugs.gentoo.org/show_bug.cgi?id=831624 https://bugs.gentoo.org/show_bug.cgi?id=831918 https://bugs.gentoo.org/show_bug.cgi?id=833432 https://bugs.gentoo.org/show_bug.cgi?id=832559 https://github.com/gentoo/gentoo/pull/25037 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 829161, 835762 | | |
| Bug Blocks: | 836830 | | |

Description
Andreas Sturmlechner
2022-03-21 19:28:41 UTC
https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=f206c05a9dc6c2391b10762b6038f65fdb6818b6

Update Chromium

Submodule src/3rdparty: 48a205f9..ab3a3447:
> [Backport] CVE-2022-0108: Inappropriate implementation in Navigation
> [Backport] Dependency for CVE-2022-0108
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2)
> [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2)
> [Backport] Dependency for CVE-2022-0111 and CVE-2022-0117
> [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager
> [Backport] CVE-2022-23852
> [Backport] Security bug 1289394
> [Backport] CVE-2022-0608: Integer overflow in Mojo
> [Backport] Security bug 1270014
> [Backport] Security bug 1261415
> [Backport] CVE-2022-0291: Inappropriate implementation in Storage
> [Backport] CVE-2022-0293: Use after free in Web packaging
> [Backport] CVE-2022-0607: Use after free in GPU
> [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
> [Backport] CVE-2022-0606: Use after free in ANGLE
> [Backport] Security bug 1292537
> [Backport] CVE-2022-0609: Use after free in Animation
> [Backport] Security bug 1265570
> [Backport] CVE-2022-0116: Inappropriate implementation in Compositing
> [Backport] Dependency for CVE-2022-0116
> [Backport] CVE-2022-0102: Type Confusion in V8
> [Backport] Security bug 1256885
> [Backport] CVE-2022-0460: Use after free in Window Dialog
> [Backport] CVE-2022-0459: Use after free in Screen Capture
> [Backport] CVE-2022-0461: Policy bypass in COOP
> [Backport] Security bug 1280743
> [Backport] Security bug 1274113
> [Backport] CVE-2022-0456: Use after free in Web Search
> [Backport] CVE-2022-0298: Use after free in Scheduling
> [Backport] Security bug 1276331
> [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
> [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
> [Backport] CVE-2022-0289: Use after free in Safe browsing
> [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API
> [Backport] CVE-2022-0113: Inappropriate implementation in Blink
> [Backport] Security bug 1258603
> [Backport] Security bug 1259557
> [Backport] CVE-2022-0103: Use after free in SwiftShader
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2)
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2)
> [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
> [Backport] Security bug 1268448
> Replace base::ranges::set_union with std::set_union to fix MSVC2017 build

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7

commit bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-04-15 21:36:17 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-04-17 19:27:34 +0000

dev-qt/qtwebengine: Cleanup vulnerable 5.15.2_p20211216

Bug: https://bugs.gentoo.org/836830
Bug: https://bugs.gentoo.org/835761
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

dev-qt/qtwebengine/Manifest | 1 -
...ngine-5.15.2_p20211210-sandbox-glibc-2.34.patch | 27 ---
.../qtwebengine-5.15.2_p20211216.ebuild | 266 ---------------------
3 files changed, 294 deletions(-)

Cleanup done. Thx @sam.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

[ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/773040
Bug: https://bugs.gentoo.org/787950
Bug: https://bugs.gentoo.org/800181
Bug: https://bugs.gentoo.org/810781
Bug: https://bugs.gentoo.org/815397
Bug: https://bugs.gentoo.org/828519
Bug: https://bugs.gentoo.org/829161
Bug: https://bugs.gentoo.org/834477
Bug: https://bugs.gentoo.org/835397
Bug: https://bugs.gentoo.org/835761
Bug: https://bugs.gentoo.org/836011
Bug: https://bugs.gentoo.org/836381
Bug: https://bugs.gentoo.org/836777
Bug: https://bugs.gentoo.org/836830
Bug: https://bugs.gentoo.org/837497
Bug: https://bugs.gentoo.org/838049
Bug: https://bugs.gentoo.org/838433
Bug: https://bugs.gentoo.org/838682
Bug: https://bugs.gentoo.org/841371
Bug: https://bugs.gentoo.org/843035
Bug: https://bugs.gentoo.org/843728
Bug: https://bugs.gentoo.org/847370
Bug: https://bugs.gentoo.org/847613
Bug: https://bugs.gentoo.org/848864
Bug: https://bugs.gentoo.org/851003
Bug: https://bugs.gentoo.org/851009
Bug: https://bugs.gentoo.org/853229
Bug: https://bugs.gentoo.org/853643
Bug: https://bugs.gentoo.org/854372
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 284 insertions(+)

GLSA done, all done.