Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 754852 (qt-5.15.2-stable) - <dev-qt/qtwebengine-5.15.2: Multiple vulnerabilities
Summary: <dev-qt/qtwebengine-5.15.2: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: qt-5.15.2-stable
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+++ cve]
Keywords:
Depends on: 757621 757657
Blocks: qtwebkit-removal
  Show dependency tree
 
Reported: 2020-11-16 02:05 UTC by Sam James
Modified: 2021-01-26 00:23 UTC (History)
1 user (show)

See Also:
Package list:
dev-qt/assistant-5.15.2 amd64 arm64 ppc64 x86 dev-qt/designer-5.15.2 dev-qt/linguist-5.15.2 amd64 arm64 ppc64 x86 dev-qt/linguist-tools-5.15.2 dev-qt/pixeltool-5.15.2 amd64 arm64 ppc64 x86 dev-qt/qdbus-5.15.2 amd64 arm64 ppc ppc64 x86 dev-qt/qdbusviewer-5.15.2 amd64 arm64 ppc64 x86 dev-qt/qdoc-5.15.2 amd64 arm64 x86 dev-qt/qt3d-5.15.2 amd64 arm64 x86 dev-qt/qtbluetooth-5.15.2 amd64 arm arm64 x86 dev-qt/qtcharts-5.15.2 amd64 arm64 x86 dev-qt/qtconcurrent-5.15.2 dev-qt/qtcore-5.15.2-r2 dev-qt/qtdatavis3d-5.15.2 amd64 arm64 x86 dev-qt/qtdbus-5.15.2 dev-qt/qtdeclarative-5.15.2 dev-qt/qtdiag-5.15.2 amd64 x86 dev-qt/qt-docs-5.15.2_p202011130614 amd64 arm64 x86 dev-qt/qtgamepad-5.15.2 amd64 arm64 x86 dev-qt/qtgraphicaleffects-5.15.2 amd64 arm64 ppc ppc64 x86 dev-qt/qtgui-5.15.2-r1 dev-qt/qthelp-5.15.2 dev-qt/qtimageformats-5.15.2 amd64 arm64 ppc64 x86 dev-qt/qtlocation-5.15.2-r1 amd64 arm arm64 x86 dev-qt/qtmultimedia-5.15.2 dev-qt/qtnetwork-5.15.2-r1 dev-qt/qtnetworkauth-5.15.2 amd64 arm64 x86 dev-qt/qtopengl-5.15.2 dev-qt/qtpaths-5.15.2 amd64 arm64 ppc ppc64 x86 dev-qt/qtpositioning-5.15.2 dev-qt/qtprintsupport-5.15.2 dev-qt/qtquickcontrols2-5.15.2 amd64 arm64 x86 dev-qt/qtquickcontrols-5.15.2 amd64 arm64 ppc ppc64 x86 dev-qt/qtscript-5.15.2 amd64 arm64 ppc ppc64 x86 dev-qt/qtscxml-5.15.2 amd64 arm64 x86 dev-qt/qtsensors-5.15.2 amd64 arm arm64 ppc64 x86 dev-qt/qtserialport-5.15.2 dev-qt/qtspeech-5.15.2 amd64 arm64 x86 dev-qt/qtsql-5.15.2 dev-qt/qtsvg-5.15.2 dev-qt/qttest-5.15.2 dev-qt/qttranslations-5.15.2 dev-qt/qtvirtualkeyboard-5.15.2 amd64 arm64 x86 dev-qt/qtwayland-5.15.2-r1 dev-qt/qtwebchannel-5.15.2 amd64 arm arm64 ppc64 x86 dev-qt/qtwebengine-5.15.2 amd64 arm64 x86 dev-qt/qtwebsockets-5.15.2 amd64 arm arm64 ppc64 x86 dev-qt/qtwidgets-5.15.2 dev-qt/qtx11extras-5.15.2 dev-qt/qtxml-5.15.2 dev-qt/qtxmlpatterns-5.15.2
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-11-16 02:05:19 UTC
Batch 1:
Commit: https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15.2&id=fe08e10e91c640e975990b87f56732ce3d9d16f7
"b1c7f4dd221 [Backport] CVE-2020-6510: Heap buffer overflow in background fetch
9a1f5aa55bf [Backport] CVE-2020-6511: Side-channel information leakage in CSP (1/2)
65a41d539be [Backport] CVE-2020-6511: Side-channel information leakage in CSP (2/2)
c7659e61424 [Backport] CVE-2020-6512: Type Confusion in V8 (1/2)
c3dda9b1ba0 [Backport] CVE-2020-6512: Type Confusion in V8 (2/2)
b6707b23089 [Backport] CVE-2020-6512: Type Confusion in V8 (3/3)
0ea2066f022 [Backport] CVE-2020-6514: Inappropriate implementation in WebRTC
9c0fcb08ccc [Backport] CVE-2020-6518: Use after free in developer tools
cf40f91b1a1 [Backport] CVE-2020-6523: Out of bounds write in Skia
ed4112559e3 [Backport] CVE-2020-6513: Heap buffer overflow in PDFium
6f57596692e [Backport] CVE-2020-6524: Heap buffer overflow in WebAudio
33ea34381ce [Backport] CVE-2020-6526: Inappropriate implementation in iframe sandbox
49583b1502a [Backport] CVE-2020-6529: Inappropriate implementation in WebRTC
d4576fb0757 [Backport] CVE-2020-6535: Insufficient data validation in WebUI
0998aa1143f [Backport] Security bug 1090543
98883838595 [Backport] CVE-2020-6530: Out of bounds memory access in  developer tools
1be41cad096 [Backport] CVE-2020-6531: Side-channel information leakage in scroll to text
71896380867 [Backport] Security bug 1065731
3f13f72f337 [Backport] Security bug 1065122
c8109013cc7 [Backport] CVE-2020-6534: Heap buffer overflow in WebRTC"

Batch 2:
Commit: https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15.2&id=e924a83f3638c38c17be607c8ec0492a53baf90d
"
8776c7b2c15 [Backport] Security bug 1052492
22d88d240bc [Backport] CVE-2020-6533: Type Confusion in V8.
3c832d33641 [Backport] CVE-2020-6532: Use after free in SCTP
388b838dbb3 [Backport] CVE-2020-6541: Use after free in WebUSB
27fa668c5ee [Backport] Security bug 1102408
d3a76ebde8e [Backport] CVE-2020-6542: Use after free in ANGLE
4694a85f33e [Backport] CVE-2020-6543: Use after free in task scheduling
583f976f9a7 [Backport] CVE-2020-6544: Use after free in media
fa97385b501 [Backport] CVE-2020-6548: Heap buffer overflow in Skia
32655453cd7 [Backport] CVE-2020-6549: Use after free in media
ddcf711e69e [Backport] CVE-2020-6550: Use after free in IndexedDB
6a0f49a17b0 [Backport] CVE-2020-6551: Use after free in WebXR
b385b7bbbe4 [Backport] CVE-2020-6545: Use after free in audio
fe23e656183 [Backport] CVE-2020-6559: Use after free in presentation API
4466538c610 [Backport] Security issue 1102137
c3d07802d40 [Backport] Security issue 1108639
b1c7638148b [Backport] Security issue 1098860
011af517d81 [Backport] CVE-2020-6555: Out of bounds read in WebGL
273005ea959 [Backport] Security bugs 1087629 and 1029569
bdb438eff33 [Backport] Dependency for CVE-2020-6561 (1/2)
c223f423808 [Backport] Dependency for CVE-2020-6561 (2/2)
607bff335b1 [Backport] CVE-2020-6561: Inappropriate implementation in Content Security Policy
ed4b6792e13 [Backport] CVE-2020-6562: Insufficient policy enforcement in Blink
c5637fa9071 [Revert] [build] Remove jumbo build configs"

Batch 3:
Commit: https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15.2&id=fcbf5e18c921ccad494387da60b36df5c34f1c8f

"2cad1d38b57 [Backport] CVE-2020-6540: Heap buffer overflow in Skia
e1f5ffc2a12 [Backport] CVE-2020-6569: Integer overflow in WebUSB
75b417b86b4 [Backport] CVE-2020-6570: Side-channel information leakage in WebRTC
0785cd83782 [Backport] CVE-2020-6573: Use after free in video
3ddb1e9639a [Backport] CVE-2020-6575: Race in Mojo
e967bb155a0 [Backport] CVE-2020-6576: Use after free in offscreen canvas
40cebfb3051 [Backport] CVE-2020-15959: Insufficient policy enforcement in networking
405e7526583 [Backport] CVE-2020-15965: Out of bounds write in V8
295feb590b1 [Backport] CVE-2020-15963 and CVE-2020-15966
43812fd40d4 [Backport] CVE-2020-15961: Insufficient policy enforcement in extensions
08a25bf9dd2 Only upgrade to WebSocket when WebSocket was requested
2f75c909270 [Backport] CVE-2020-15962: Insufficient policy enforcement in serial
06afd03d826 [Backport] CVE-2020-15960: Out of bounds read in storage
9e5518f06ad [Backport] Security bug 1111149
b627f77e859 [Backport] CVE-2020-15964: Insufficient data validation in media
bc35c7711ad Fix assert when checking if RendererAppContainer feature is enabled
06b27f95d60 [Backport] CVE-2020-6571: Incorrect security UI in Omnibox
8227b9613d1 CVE-2020-15999: Heap buffer overflow in freetype
cc1e87a0d71 [Backport] CVE-2020-15978 Insufficient data validation in navigation
308da5d58b4 [Backport] CVE-2020-15969: Use after free in WebRTC.
9f5fde5b649 [Backport] CVE-2020-15968: Use after free in Blink
97b92535b31 [Backport] CVE-2020-15972: Use after free in audio.
873abc1112c [Backport] CVE-2020-15979: Inappropriate implementation in V8.
c0343ceec47 [Backport] CVE-2020-15976: Use after free in WebXR
e874d48f9e6 [Backport] CVE-2020-15992 Insufficient policy enforcement in networking
956ce06c56c [Backport] CVE-2020-15974: Integer overflow in Blink
4662223422d [Backport] Security bug 1125199
74e26aab318 [Backport] Security bug 1107824
33e9e655166 [Backport] CVE-2020-15977: Insufficient data validation in dialogs.
f6db4999b0e [Backport] CVE-2020—15973: Insufficient policy enforcement in extensions (1/2)
466da17a0cd [Backport] CVE-2020—15973: Insufficient policy enforcement in extensions (2/2)
027c3d7bae7 [Backport] CVE-2020-15989: Uninitialized Use in PDFium
14e9b6f6d3a [Backport] CVE-2020-16003: Use after free in printing
8527c994fe3 [Backport] CVE-2020-16002: Use after free in PDFium
4f461642a79 [Backport] CVE-2020-16001: Use after free in media.
99877493b32 Fixup: [Backport] CVE-2020-16001: Use after free in media
489d6e637e5 [Backport] CVE-2020-15987: Use after free in WebRTC (1/2)
6ef8f4ed829 [Backport] CVE-2020-15987: Use after free in WebRTC (2/2)
9d173d02d5e [Backport] Security bug 1106091
327474aed0e [Backport] CVE-2020-6557: Inappropriate implementation in networking
55b3d183921 [Backport] CVE-2020-15985: Inappropriate implementation in Blink."

Batch 4:
Commit: https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15.2&id=35c7e9134a1a5e0390c42ea2df06a749255497ff

"[Backport] Security bug 1137608
[Backport] CVE-2020-16011: Heap buffer overflow in UI on Windows.
[Backport] CVE-2020-16009: Inappropriate implementation in V8
[Backport] CVE-2020-16008: Stack buffer overflow in WebRTC
[Backport] CVE-2020-16005: Insufficient policy enforcement in ANGLE
Fix assert when running tests build with -no-webengine-webrtc"
Comment 1 Sam James archtester gentoo-dev Security 2020-11-16 02:05:52 UTC
These will be included in 5.15.2.
Comment 2 Sam James archtester gentoo-dev Security 2020-11-20 10:29:50 UTC
(In reply to Sam James from comment #1)
> These will be included in 5.15.2.

It's out! \o/
Comment 3 John Helmert III (ajak) gentoo-dev Security 2020-11-26 01:46:37 UTC
Please stable when ready.
Comment 4 NATTkA bot gentoo-dev 2020-11-26 01:48:56 UTC Comment hidden (obsolete)
Comment 5 Sam James archtester gentoo-dev Security 2020-12-18 18:18:36 UTC
Can we think about doing this now?
Comment 6 Andreas Sturmlechner gentoo-dev 2020-12-19 10:50:07 UTC
We should do it at the same time with ICU-68.2.
Comment 7 NATTkA bot gentoo-dev 2021-01-02 01:24:55 UTC Comment hidden (obsolete)
Comment 8 Sam James archtester gentoo-dev Security 2021-01-06 23:46:53 UTC
ping
Comment 9 NATTkA bot gentoo-dev 2021-01-07 16:32:57 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-01-07 16:50:58 UTC Comment hidden (obsolete)
Comment 11 Sam James archtester gentoo-dev Security 2021-01-09 13:42:13 UTC
arm done
Comment 12 Sam James archtester gentoo-dev Security 2021-01-09 15:15:36 UTC
arm64 done
Comment 13 Sam James archtester gentoo-dev Security 2021-01-09 21:15:55 UTC
x86 done
Comment 14 Sam James archtester gentoo-dev Security 2021-01-09 21:17:16 UTC
ppc64 done
Comment 15 Sam James archtester gentoo-dev Security 2021-01-09 21:18:14 UTC
ppc done
Comment 16 Sam James archtester gentoo-dev Security 2021-01-10 09:05:41 UTC
amd64 done

all arches done
Comment 17 Larry the Git Cow gentoo-dev 2021-01-10 09:54:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37bcd8a2357a6948aa4d788f6babe299e072c735

commit 37bcd8a2357a6948aa4d788f6babe299e072c735
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-01-10 09:53:59 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-01-10 09:53:59 +0000

    dev-qt: Security cleanup
    
    Bug: https://bugs.gentoo.org/754852
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/assistant/Manifest                          |   1 -
 dev-qt/assistant/assistant-5.15.1.ebuild           |  55 ----
 dev-qt/designer/Manifest                           |   1 -
 dev-qt/designer/designer-5.15.1.ebuild             |  53 ---
 dev-qt/designer/metadata.xml                       |   1 -
 dev-qt/linguist-tools/Manifest                     |   1 -
 dev-qt/linguist-tools/linguist-tools-5.15.1.ebuild |  45 ---
 dev-qt/linguist/Manifest                           |   1 -
 dev-qt/linguist/linguist-5.15.1.ebuild             |  48 ---
 dev-qt/pixeltool/Manifest                          |   1 -
 dev-qt/pixeltool/pixeltool-5.15.1.ebuild           |  21 --
 dev-qt/qdbus/Manifest                              |   1 -
 dev-qt/qdbus/qdbus-5.15.1.ebuild                   |  25 --
 dev-qt/qdbusviewer/Manifest                        |   1 -
 dev-qt/qdbusviewer/qdbusviewer-5.15.1.ebuild       |  45 ---
 dev-qt/qdoc/Manifest                               |   1 -
 dev-qt/qdoc/qdoc-5.15.1.ebuild                     |  28 --
 dev-qt/qt-docs/Manifest                            |  55 ----
 dev-qt/qt-docs/qt-docs-5.15.1_p202009071124.ebuild | 105 ------
 dev-qt/qt3d/Manifest                               |   1 -
 dev-qt/qt3d/qt3d-5.15.1.ebuild                     |  36 ---
 dev-qt/qtbluetooth/Manifest                        |   1 -
 dev-qt/qtbluetooth/qtbluetooth-5.15.1.ebuild       |  33 --
 dev-qt/qtcharts/Manifest                           |   1 -
 dev-qt/qtcharts/qtcharts-5.15.1.ebuild             |  29 --
 dev-qt/qtconcurrent/Manifest                       |   1 -
 dev-qt/qtconcurrent/qtconcurrent-5.15.1.ebuild     |  23 --
 dev-qt/qtcore/Manifest                             |   1 -
 dev-qt/qtcore/qtcore-5.15.1-r1.ebuild              | 104 ------
 dev-qt/qtdatavis3d/Manifest                        |   1 -
 dev-qt/qtdatavis3d/qtdatavis3d-5.15.1.ebuild       |  31 --
 dev-qt/qtdbus/Manifest                             |   1 -
 dev-qt/qtdbus/qtdbus-5.15.1.ebuild                 |  43 ---
 dev-qt/qtdeclarative/Manifest                      |   1 -
 dev-qt/qtdeclarative/qtdeclarative-5.15.1.ebuild   |  57 ----
 dev-qt/qtdiag/Manifest                             |   1 -
 dev-qt/qtdiag/qtdiag-5.15.1.ebuild                 |  35 --
 dev-qt/qtgamepad/Manifest                          |   1 -
 dev-qt/qtgamepad/qtgamepad-5.15.1.ebuild           |  35 --
 dev-qt/qtgraphicaleffects/Manifest                 |   1 -
 .../qtgraphicaleffects-5.15.1.ebuild               |  21 --
 dev-qt/qtgui/Manifest                              |   1 -
 ...-qscreen-geometrychanged-when-dpi-changes.patch |  86 -----
 dev-qt/qtgui/qtgui-5.15.1-r1.ebuild                | 185 -----------
 dev-qt/qthelp/Manifest                             |   1 -
 dev-qt/qthelp/qthelp-5.15.1.ebuild                 |  29 --
 dev-qt/qtimageformats/Manifest                     |   1 -
 dev-qt/qtimageformats/qtimageformats-5.15.1.ebuild |  30 --
 dev-qt/qtlocation/Manifest                         |   1 -
 dev-qt/qtlocation/qtlocation-5.15.1.ebuild         |  47 ---
 dev-qt/qtmultimedia/Manifest                       |   1 -
 dev-qt/qtmultimedia/qtmultimedia-5.15.1.ebuild     |  68 ----
 dev-qt/qtnetwork/Manifest                          |   1 -
 .../files/qtnetwork-5.15.1-libressl.patch          | 359 ---------------------
 dev-qt/qtnetwork/qtnetwork-5.15.1-r1.ebuild        |  68 ----
 dev-qt/qtnetworkauth/Manifest                      |   1 -
 dev-qt/qtnetworkauth/qtnetworkauth-5.15.1.ebuild   |  20 --
 dev-qt/qtopengl/Manifest                           |   1 -
 dev-qt/qtopengl/qtopengl-5.15.1.ebuild             |  34 --
 dev-qt/qtpaths/Manifest                            |   1 -
 dev-qt/qtpaths/qtpaths-5.15.1.ebuild               |  19 --
 dev-qt/qtplugininfo/Manifest                       |   1 -
 dev-qt/qtplugininfo/qtplugininfo-5.15.1.ebuild     |  19 --
 dev-qt/qtpositioning/Manifest                      |   1 -
 dev-qt/qtpositioning/qtpositioning-5.15.1.ebuild   |  40 ---
 dev-qt/qtprintsupport/Manifest                     |   1 -
 dev-qt/qtprintsupport/qtprintsupport-5.15.1.ebuild |  42 ---
 dev-qt/qtquickcontrols/Manifest                    |   1 -
 .../qtquickcontrols/qtquickcontrols-5.15.1.ebuild  |  32 --
 dev-qt/qtquickcontrols2/Manifest                   |   1 -
 .../qtquickcontrols2-5.15.1.ebuild                 |  30 --
 dev-qt/qtquicktimeline/Manifest                    |   1 -
 .../qtquicktimeline/qtquicktimeline-5.15.1.ebuild  |  18 --
 dev-qt/qtscript/Manifest                           |   1 -
 dev-qt/qtscript/qtscript-5.15.1.ebuild             |  36 ---
 dev-qt/qtscxml/Manifest                            |   1 -
 dev-qt/qtscxml/qtscxml-5.15.1.ebuild               |  19 --
 dev-qt/qtsensors/Manifest                          |   1 -
 dev-qt/qtsensors/qtsensors-5.15.1.ebuild           |  28 --
 dev-qt/qtserialbus/Manifest                        |   1 -
 dev-qt/qtserialbus/qtserialbus-5.15.1.ebuild       |  20 --
 dev-qt/qtserialport/Manifest                       |   1 -
 dev-qt/qtserialport/qtserialport-5.15.1.ebuild     |  27 --
 dev-qt/qtspeech/Manifest                           |   1 -
 dev-qt/qtspeech/qtspeech-5.15.1.ebuild             |  20 --
 dev-qt/qtsql/Manifest                              |   1 -
 dev-qt/qtsql/qtsql-5.15.1.ebuild                   |  55 ----
 dev-qt/qtsvg/Manifest                              |   1 -
 dev-qt/qtsvg/qtsvg-5.15.1.ebuild                   |  23 --
 dev-qt/qttest/Manifest                             |   1 -
 dev-qt/qttest/qttest-5.15.1.ebuild                 |  33 --
 dev-qt/qttranslations/Manifest                     |   1 -
 dev-qt/qttranslations/qttranslations-5.15.1.ebuild |  19 --
 dev-qt/qtvirtualkeyboard/Manifest                  |   1 -
 .../qtvirtualkeyboard-5.15.1.ebuild                |  43 ---
 dev-qt/qtwayland/Manifest                          |   1 -
 dev-qt/qtwayland/qtwayland-5.15.1.ebuild           |  39 ---
 dev-qt/qtwebchannel/Manifest                       |   1 -
 dev-qt/qtwebchannel/qtwebchannel-5.15.1.ebuild     |  26 --
 dev-qt/qtwebengine/Manifest                        |   2 -
 .../files/qtwebengine-5.15.1-icu-68.patch          | 260 ---------------
 dev-qt/qtwebengine/metadata.xml                    |   1 -
 dev-qt/qtwebengine/qtwebengine-5.15.1.ebuild       | 158 ---------
 dev-qt/qtwebsockets/Manifest                       |   1 -
 dev-qt/qtwebsockets/qtwebsockets-5.15.1.ebuild     |  27 --
 dev-qt/qtwebview/Manifest                          |   1 -
 dev-qt/qtwebview/qtwebview-5.15.1.ebuild           |  21 --
 dev-qt/qtwidgets/Manifest                          |   1 -
 dev-qt/qtwidgets/qtwidgets-5.15.1.ebuild           |  57 ----
 dev-qt/qtx11extras/Manifest                        |   1 -
 dev-qt/qtx11extras/qtx11extras-5.15.1.ebuild       |  22 --
 dev-qt/qtxml/Manifest                              |   1 -
 dev-qt/qtxml/qtxml-5.15.1.ebuild                   |  29 --
 dev-qt/qtxmlpatterns/Manifest                      |   1 -
 dev-qt/qtxmlpatterns/qtxmlpatterns-5.15.1.ebuild   |  30 --
 115 files changed, 3102 deletions(-)
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2021-01-26 00:22:28 UTC
This issue was resolved and addressed in
 GLSA 202101-30 at https://security.gentoo.org/glsa/202101-30
by GLSA coordinator Sam James (sam_c).
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2021-01-26 00:23:13 UTC
This issue was resolved and addressed in
 GLSA 202101-30 at https://security.gentoo.org/glsa/202101-30
by GLSA coordinator Sam James (sam_c).
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2021-01-26 00:23:19 UTC
This issue was resolved and addressed in
 GLSA 202101-30 at https://security.gentoo.org/glsa/202101-30
by GLSA coordinator Sam James (sam_c).