Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 836830

Summary: <dev-qt/qtwebengine-5.15.3_p20220330: Multiple vulnerabilities...
Product: Gentoo Security Reporter: Andreas Sturmlechner <asturm>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: qt
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.qt.io/blog/security-advisory-recently-reported-chromium-impacts-qtwebengine
See Also: https://bugs.gentoo.org/show_bug.cgi?id=835397
https://github.com/gentoo/gentoo/pull/25037
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 835761, 835762    
Bug Blocks: 836011, 847613    

Description Andreas Sturmlechner gentoo-dev 2022-04-05 10:50:16 UTC
Update Chromium
Submodule src/3rdparty ab3a3447a..d13d0924c:
  > [Backport] CVE-2022-0971
  > [Backport] CVE-2022-1096
Comment 1 Andreas Sturmlechner gentoo-dev 2022-04-05 17:57:09 UTC
dev-qt/qtwebengine: 5.15.3_p20220330 version bump, py3

Patched with security patches up to Chromium version:
98.0.4758.102 plus fixes for CVE-2022-0971, CVE-2022-1096

Patches sourced from ArchLinux:
- Enable build with >=python-3
- Fix build with >=ffmpeg-5
- Enable screencast support using pipewire-3

Snapshotted at:
Branch: 5.15
Commit: dcdf9656f794e1903163a5533d0a325eb3dce423

Submodule qtwebengine-chromium.git:
Branch: 87-based
Commit: d13d0924c4e18ecc4b79adf0fec142ee9a9eaa14

Bug: https://bugs.gentoo.org/835761
Closes: https://bugs.gentoo.org/831487
Comment 2 Larry the Git Cow gentoo-dev 2022-04-17 19:29:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7

commit bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-04-15 21:36:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-17 19:27:34 +0000

    dev-qt/qtwebengine: Cleanup vulnerable 5.15.2_p20211216
    
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/835761
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 ...ngine-5.15.2_p20211210-sandbox-glibc-2.34.patch |  27 ---
 .../qtwebengine-5.15.2_p20211216.ebuild            | 266 ---------------------
 3 files changed, 294 deletions(-)
Comment 3 Andreas Sturmlechner gentoo-dev 2022-04-17 19:39:20 UTC
Cleanup done. Thx @sam.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:59:05 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 14:34:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:37:45 UTC
GLSA done, all done.