679650 – <dev-qt/qtwebengine-5.12.2: Use-after-free in FileReader (CVE-2019-5786)

Bug 679650 - <dev-qt/qtwebengine-5.12.2: Use-after-free in FileReader (CVE-2019-5786)

Summary: <dev-qt/qtwebengine-5.12.2: Use-after-free in FileReader (CVE-2019-5786)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://bugreports.qt.io/browse/QTBUG...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	qt-5.12.3-stable
Blocks:	CVE-2019-5786
	Show dependency tree

Reported:	2019-03-06 22:37 UTC by GLSAMaker/CVETool Bot
Modified:	2019-08-09 21:19 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2019-03-06 22:37:53 UTC

CVE-2019-5786 (https://nvd.nist.gov/vuln/detail/CVE-2019-5786):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-03-06 22:39:56 UTC

https://gitweb.gentoo.org/proj/qt.git/commit/?id=32d376215b9ba05ff3d8abe9b76a36b08b1a6f7b

Comment 2 Michael Palimaka (kensington) gentoo-dev

2019-03-31 10:43:54 UTC

This is fixed in 5.12.2, with no ETA on stabilisation at this stage.

Comment 3 Andreas Sturmlechner gentoo-dev

2019-06-06 20:40:05 UTC

Cleanup done in 399317bde8cd3cf248fdec679bc9f17107197065.