Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 927746

Summary: <dev-qt/qtwebengine-5.15.13_p20240322: Multiple vulnerabilities
Product: Gentoo Security Reporter: Andreas Sturmlechner <asturm>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: qt
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/36106
https://bugs.gentoo.org/show_bug.cgi?id=931960
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 922189, 927748    
Bug Blocks: 923966, 922903, 923370    

Description Andreas Sturmlechner gentoo-dev 2024-03-24 19:25:27 UTC 
[Backport] Security bug 325296797
Fixup for: Fixup for [Backport] Security bug 1519980
[Backport] CVE-2024-1059: Use after free in WebRTC
[Backport] Security bug 1518994
Fixup for [Backport] Security bug 1519980
[Backport] CVE-2024-1283: Heap buffer overflow in Skia
[Backport] CVE-2024-1060: Use after free in Canvas
[Backport] CVE-2024-1077: Use after free in Network
[Backport] Security bug 1519980
[Backport] CVE-2024-0808: Integer underflow in WebUI
[Backport] CVE-2024-0807: Use after free in WebAudio
[Backport] Security bug 1511689
Comment 1 Larry the Git Cow gentoo-dev 2024-04-05 15:01:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01b2aa626e4e6ba9171d4194c47e2ad74a53f41d

commit 01b2aa626e4e6ba9171d4194c47e2ad74a53f41d
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-04-04 18:34:51 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-04-05 15:00:59 +0000

    dev-qt/qtwebengine: drop 5.15.12_p20240122
    
    Closes: https://bugs.gentoo.org/636242
    Bug: https://bugs.gentoo.org/927746
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   4 -
 .../qtwebengine-5.15.12_p20240122.ebuild           | 279 ---------------------
 2 files changed, 283 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-05-05 08:20:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=adc29f075f4d42d41919d75c72e68c5da42f5035

commit adc29f075f4d42d41919d75c72e68c5da42f5035
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-05 08:20:02 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-05 08:20:22 +0000

    [ GLSA 202405-14 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/927746
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-14.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)