Bug 903544

Summary: <dev-qt/qtwebengine-5.15.8_p20230313: Multiple vulnerabilities...
Product: Gentoo Security
Reporter: Andreas Sturmlechner <asturm>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: qt
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 888181, 903115    
Bug Blocks: 883697, 885851, 890726, 904290    

Description Andreas Sturmlechner gentoo-dev 2023-03-29 14:48:27 UTC
  * [Backport] CVE-2023-0933: Integer overflow in PDF
  * [Backport] CVE-2023-0931: Use after free in Video
  * [Backport] CVE-2023-0698: Out of bounds read in WebRTC
  * [Backport] CVE-2023-0472: Use after free in WebRTC

  * [Backport] Security bug 1406115
  * [Backport] Security bug 1393384
  * [Backport] Security bug 1399424
  * [Backport] CVE-2023-0129: Heap buffer overflow in Network Service
  * [Backport] Security bug 1394382
  * [Backport] CVE-2022-4437: Use after free in Mojo IPC
  * [Backport] CVE-2022-4438: Use after free in Blink Frames
  * [Backport] CVE-2022-4179: Use after free in Audio
Comment 1 Larry the Git Cow gentoo-dev 2023-04-09 20:17:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad78682a89f566aac4a43ee935038e6068212b84

commit ad78682a89f566aac4a43ee935038e6068212b84
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-04-09 20:11:23 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-04-09 20:17:05 +0000

    dev-qt/qtwebengine: Cleanup vulnerable 5.15.8_p20230112
    
    Bug: https://bugs.gentoo.org/903544
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   3 -
 ...qtwebengine-5.15.2-disable-fatal-warnings.patch |  12 -
 ...ine-5.15.2_p20210224-chromium-87-v8-icu68.patch | 192 ---------
 .../qtwebengine-5.15.2_p20210224-disable-git.patch |  15 -
 ...gine-5.15.2_p20211015-pdfium-system-lcms2.patch |  79 ----
 .../qtwebengine-5.15.3_p20220329-clang14.patch     |  42 --
 .../qtwebengine-5.15.3_p20220406-ffmpeg5.patch     | 169 --------
 ...webengine-5.15.3_p20220406-gcc12-includes.patch |  32 --
 .../qtwebengine-5.15.3_p20220505-extra-gn.patch    |  10 -
 ...gine-5.15.8_p20230106-v8-opcode-constexpr.patch |  43 --
 .../qtwebengine-5.15.8_p20230106-widevine.patch    |  82 ----
 .../files/qtwebengine-5.15.8_p20230112-gcc13.patch | 431 ---------------------
 .../qtwebengine-5.15.8_p20230112.ebuild            | 285 --------------
 13 files changed, 1395 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-25 09:51:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)