| Summary: | <dev-qt/qtwebengine-5.15.11_p20231120: Multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Andreas Sturmlechner <asturm> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | qt |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://github.com/gentoo/gentoo/pull/33688 | ||
| Whiteboard: | A2 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 913050, 915391 | ||
| Bug Blocks: | 913710, 915560, 916620, 917021, 917357 | ||
|
Description
Andreas Sturmlechner
2023-10-09 08:43:47 UTC
* [Backport] CVE-2023-5482 and CVE-2023-584987-based * [Backport] CVE-2023-45853: Buffer overflow in MiniZip (2/2) * [Backport] CVE-2023-45853: Buffer overflow in MiniZip (1/2) * [Backport] Security bug 1478470 * [Backport] Security bug 1472365 and 1472366 * [Backport] CVE-2023-5218: Use after free in Site Isolation * [Backport] Security bug 1486316 * FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ece4c319deb63cf49047133934814290422e0ad commit 9ece4c319deb63cf49047133934814290422e0ad Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-11-06 10:46:26 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-11-06 18:10:30 +0000 dev-qt/qtwebengine: drop 5.15.11_p20231019 Bug: https://bugs.gentoo.org/915465 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtwebengine/Manifest | 1 - .../qtwebengine-5.15.11_p20231019.ebuild | 270 --------------------- 2 files changed, 271 deletions(-) Bumping to dev-qt/qtwebengine-5.15.11_p20231120 then, fixes: * [Backport] CVE-2023-6112: Use after free in Navigation * [Backport] CVE-2023-5997: Use after free in Garbage Collection * [Backport] CVE-2023-5996: Use after free in WebAudio The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6616f0c736292450b52fe503cc1a904e55947ded commit 6616f0c736292450b52fe503cc1a904e55947ded Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-11-25 16:11:02 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-11-25 16:11:29 +0000 dev-qt/qtwebengine: Cleanup vulnerable 5.15.11_p20231102 Bug: https://bugs.gentoo.org/915465 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtwebengine/Manifest | 1 - .../qtwebengine-5.15.11_p20231102.ebuild | 283 --------------------- 2 files changed, 284 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=33421161add23e707a21bf30329af848c2577694 commit 33421161add23e707a21bf30329af848c2577694 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-12-22 10:51:22 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-12-22 10:51:49 +0000 [ GLSA 202312-07 ] QtWebEngine: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/913050 Bug: https://bugs.gentoo.org/915465 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202312-07.xml | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) |