Bug 888181

Summary: <dev-qt/qtwebengine-5.15.8_p20230112: Multiple vulnerabilities...
Product: Gentoo Security
Reporter: Andreas Sturmlechner <asturm>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: qt
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=883697
https://github.com/gentoo/gentoo/pull/28805
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 866332, 888946    
Bug Blocks: 873214, 883697, 885851, 903544    

Description Andreas Sturmlechner gentoo-dev 2022-12-24 16:33:52 UTC
In anticipation of Qt 5.15.8 bump early next year...


[Backport] CVE-2022-4179: Use after free in Audio 87-based
Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
[Backport] CVE-2022-4262: Type Confusion in V8
Bump V8_PATCH_LEVEL
[Backport] CVE-2022-4174: Type Confusion in V8
[Backport] CVE-2022-4180: Use after free in Mojo
[Backport] CVE-2022-4181: Use after free in Forms
[Backport] CVE-2022-3201: Insufficient validation of untrusted input in Devel...
[Backport] Security bug 1378916
Comment 1 Larry the Git Cow gentoo-dev 2023-01-08 21:45:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0246bf815604f1c99d0a57896a9ed6bd3e18ca9

commit b0246bf815604f1c99d0a57896a9ed6bd3e18ca9
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-08 21:05:42 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-08 21:44:58 +0000

    dev-qt/qtwebengine: add 5.15.8_p20230106
    
    Snapshotted at:
    Branch: 5.15
    Commit: 38e0df6c6e5a1186b68df9b3d6f4cafbb211f2da
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: ce9155cc73d8a94f1536b96e841c0aee2ff7d921
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 ...gine-5.15.8_p20230106-v8-opcode-constexpr.patch |  43 ++++
 .../qtwebengine-5.15.8_p20230106-widevine.patch    |  82 ++++++
 .../qtwebengine-5.15.8_p20230106.ebuild            | 284 +++++++++++++++++++++
 4 files changed, 410 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-01-15 12:36:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90c0da93ba084e79f9e5468d1b3759bc0a351a89

commit 90c0da93ba084e79f9e5468d1b3759bc0a351a89
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-14 12:12:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-15 12:36:32 +0000

    dev-qt/qtwebengine: add 5.15.8_p20230112
    
    Fixes CVE-2022-4437 and CVE-2022-4438.
    
    Snapshotted at:
    Branch: 5.15
    Commit: 38e0df6c6e5a1186b68df9b3d6f4cafbb211f2da
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 97a1254923022e66fa75245c3ace64f58112cba6
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/888946
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.8_p20230112.ebuild            | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2023-01-24 09:45:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eaa7be44ddbf8aa370024de0ccfe9b96b6df3637

commit eaa7be44ddbf8aa370024de0ccfe9b96b6df3637
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-01-23 19:22:32 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-24 09:34:52 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.7_p20221122
    
    Bug: https://bugs.gentoo.org/888181
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.7_p20221122.ebuild            | 282 ---------------------
 2 files changed, 283 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2023-11-25 09:51:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)