Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 773040 - <dev-qt/qtwebengine-5.15.2_p20210224: Multiple vulnerabilities
Summary: <dev-qt/qtwebengine-5.15.2_p20210224: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-26 13:40 UTC by Andreas Sturmlechner
Modified: 2021-03-24 12:57 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2021-02-26 13:40:50 UTC
Snapshot in preparation.

See also: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based&qt=grep&q=CVE
Comment 1 Larry the Git Cow gentoo-dev 2021-02-26 21:19:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b17a3763239b411e863259e928b496bea2b9d051

commit b17a3763239b411e863259e928b496bea2b9d051
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-02-26 13:35:44 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-02-26 21:19:23 +0000

    dev-qt/qtwebengine: 5.15.2_p20210224 bump
    
    Snapshotted at:
    Branch: 5.15
    Commit: 0b5f110234256eabaa264189d9117069f2a2d144
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 0eea95b24a9ed61c185adeeb787fb5b62e8f4537
    
    V8-ICU-68 runtime fix:
    Thanks-to: Stephan Hartmann <sultan@gentoo.org>
    
    Bug: https://bugs.gentoo.org/773040
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |  2 +-
 ...2_p20210220-fixup-CVE-2021-21149-backport.patch | 42 ----------------------
 ...ne-5.15.2_p20210224-chromium-87-v8-icu68.patch} |  0
 ...qtwebengine-5.15.2_p20210224-disable-git.patch} |  0
 dev-qt/qtwebengine/metadata.xml                    |  1 +
 ....ebuild => qtwebengine-5.15.2_p20210224.ebuild} | 11 +++---
 6 files changed, 7 insertions(+), 49 deletions(-)
Comment 2 John Helmert III gentoo-dev Security 2021-02-27 01:18:51 UTC
As these browser things go, let's presume there's code execution somewhere. Thank you for the report. Please proceed with stabilization when ready.
Comment 3 Andreas Sturmlechner gentoo-dev 2021-03-04 23:16:35 UTC
Let's not waste any more time then.
Comment 4 Thomas Deutschmann gentoo-dev Security 2021-03-06 15:11:37 UTC
x86 stable
Comment 5 Sam James archtester gentoo-dev Security 2021-03-06 18:37:39 UTC
amd64 done
Comment 6 Sam James archtester gentoo-dev Security 2021-03-07 19:44:18 UTC
arm64 done

all arches done
Comment 7 John Helmert III gentoo-dev Security 2021-03-07 19:52:01 UTC
Please cleanup.
Comment 8 Andreas Sturmlechner gentoo-dev 2021-03-08 17:35:11 UTC
Cleanup is currently blocked by

- ~ppc64
- bug 773919
Comment 9 Andreas Sturmlechner gentoo-dev 2021-03-12 21:09:39 UTC
bug 773919 should be no longer blocking us, just waiting for ~ppc64 to catch up now.
Comment 10 Larry the Git Cow gentoo-dev 2021-03-24 12:15:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f16bf0c1808fac00085c2ef8833879ed39642425

commit f16bf0c1808fac00085c2ef8833879ed39642425
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-03-24 12:14:09 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-03-24 12:14:47 +0000

    dev-qt/qtwebengine: 5.15.2 security cleanup
    
    Bug: https://bugs.gentoo.org/773040
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   2 -
 .../qtwebengine-5.15.2-icu-68-v8-runtime-fix.patch | 170 ------------
 .../files/qtwebengine-5.15.2-icu-68.patch          | 302 ---------------------
 dev-qt/qtwebengine/qtwebengine-5.15.2.ebuild       | 172 ------------
 4 files changed, 646 deletions(-)