Bug 913050

Summary: <dev-qt/qtwebengine-5.15.10_p20230815: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Andreas Sturmlechner <asturm>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: qt
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/33688
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 909778, 913051, 915391
Bug Blocks: 911675, 915465

Description Andreas Sturmlechner gentoo-dev 2023-08-26 11:55:01 UTC
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling
* [Backport] Security bug 1454860	Philipp Hancke
Comment 1 Larry the Git Cow gentoo-dev 2023-08-26 11:56:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f371276d06c8bb67cfbcefcded9114b7eaac2c49

commit f371276d06c8bb67cfbcefcded9114b7eaac2c49
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-08-26 11:37:26 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-08-26 11:56:28 +0000

    dev-qt/qtwebengine: add 5.15.10_p20230815
    
    Bug: https://bugs.gentoo.org/913050
    Bug: https://bugs.gentoo.org/913051
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   2 +
 .../qtwebengine-5.15.10_p20230815.ebuild           | 267 +++++++++++++++++++++
 2 files changed, 269 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-06 18:11:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e08b418838581c66ea1fe3d052b3e6f7380035ce

commit e08b418838581c66ea1fe3d052b3e6f7380035ce
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-11-06 09:40:30 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-11-06 18:10:30 +0000

    dev-qt/qtwebengine: drop 5.15.10_p20230623, 5.15.10_p20230815
    
    Bug: https://bugs.gentoo.org/913050
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   3 -
 .../qtwebengine-5.15.10_p20230623-clang16.patch    |  15 --
 ...ne-5.15.10_p20230623-ffmpeg-binutils-2.41.patch |  75 ------
 .../qtwebengine-5.15.10_p20230623.ebuild           | 273 ---------------------
 .../qtwebengine-5.15.10_p20230815.ebuild           | 267 --------------------
 5 files changed, 633 deletions(-)
Comment 3 Andreas Sturmlechner gentoo-dev 2023-11-25 16:17:39 UTC
(In reply to Larry the Git Cow from comment #2)
> commit e08b418838581c66ea1fe3d052b3e6f7380035ce
> Author:     Andreas Sturmlechner <asturm@gentoo.org>
> AuthorDate: 2023-11-06 09:40:30 +0000
> Commit:     Andreas Sturmlechner <asturm@gentoo.org>
> CommitDate: 2023-11-06 18:10:30 +0000
> 
>     dev-qt/qtwebengine: drop 5.15.10_p20230623, 5.15.10_p20230815
That was a cleanup, fyi.
Comment 4 Larry the Git Cow gentoo-dev 2023-12-22 10:51:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=33421161add23e707a21bf30329af848c2577694

commit 33421161add23e707a21bf30329af848c2577694
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 10:51:22 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 10:51:49 +0000

    [ GLSA 202312-07 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/913050
    Bug: https://bugs.gentoo.org/915465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-07.xml | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)