787950 – <dev-qt/qtwebengine-5.15.2_p20210421: Multiple vulnerabilities

Bug 787950 - <dev-qt/qtwebengine-5.15.2_p20210421: Multiple vulnerabilities

Summary: <dev-qt/qtwebengine-5.15.2_p20210421: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa+]
Keywords:	PullRequest

Depends on:	773040
Blocks:	800181
	Show dependency tree

Reported:	2021-05-03 18:42 UTC by Andreas Sturmlechner
Modified:	2022-08-14 14:36 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226 CVE-2021-21201, CVE-2021-21202, CVE-2021-21203, CVE-2021-21204, CVE-2021-21205, CVE-2021-21207, CVE-2021-21208, CVE-2021-21209, CVE-2021-21210, CVE-2021-21211, CVE-2021-21212, CVE-2021-21213, CVE-2021-21214, CVE-2021-21215, CVE-2021-21216, CVE-2021-21217, CVE-2021-21218, CVE-2021-21219, CVE-2021-21221 CVE-2021-21206, CVE-2021-21220 CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199 CVE-2021-21191, CVE-2021-21192, CVE-2021-21193 CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190 CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021-21140, CVE-2021-21141 https://github.com/gentoo/gentoo/pull/20688
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Sturmlechner gentoo-dev

2021-05-03 18:42:19 UTC

Too many really to keep track of.

See also: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based&qt=range&q=3f594ea1

Comment 1 NATTkA bot gentoo-dev

2021-05-03 18:44:20 UTC Comment hidden (obsolete)

Unable to check for sanity:

> package masked: dev-qt/qtwebengine-5.15.2_p20210421

Comment 2 Larry the Git Cow gentoo-dev

2021-05-06 20:09:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39f0ab3ba085648310449bdb6cf8ae9c9ffbef3a

commit 39f0ab3ba085648310449bdb6cf8ae9c9ffbef3a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-05-04 23:22:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-05-06 20:04:04 +0000

    profiles: Unmask all the things
    
    - app-office/libreoffice-7.1.3.2
    - app-office/libreoffice-l10n-7.1.3.2
    - app-text/poppler-21.05.0
    - dev-libs/boost-1.76.0
    - dev-util/boost-build-1.76.0
    - dev-libs/icu-69.1
    - dev-libs/icu-layoutex-69.1
    - dev-qt/qtwebengine-5.15.2_p20210421
    
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/788112
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 profiles/package.mask | 20 --------------------
 1 file changed, 20 deletions(-)

Comment 3 NATTkA bot gentoo-dev

2021-05-06 20:16:34 UTC Comment hidden (obsolete)

All sanity-check issues have been resolved

Comment 4 Sam James archtester

2021-06-01 09:00:06 UTC

x86 done

Comment 5 Sam James archtester

2021-06-01 09:00:09 UTC

amd64 done

Comment 6 Sam James archtester

2021-06-01 10:47:41 UTC

arm64 done

all arches done

Comment 7 John Helmert III archtester

2021-06-02 02:23:09 UTC

Please cleanup

Comment 8 Larry the Git Cow gentoo-dev

2021-06-14 09:25:47 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34183adb0b20533e5a61c1ab863ace6108193aa7

commit 34183adb0b20533e5a61c1ab863ace6108193aa7
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-06-14 09:25:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-06-14 09:25:36 +0000

    dev-qt/qtwebengine: 5.15.2_p20210224 security cleanup
    
    Bug: https://bugs.gentoo.org/787950
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 ...-5.15.2_p20210224-fix-crash-w-app-locales.patch | 135 ---------------
 .../qtwebengine-5.15.2_p20210224.ebuild            | 189 ---------------------
 3 files changed, 325 deletions(-)

Comment 9 NATTkA bot gentoo-dev

2021-07-22 09:36:23 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: dev-qt/qtwebengine-5.15.2_p20210421

Comment 10 Andreas Sturmlechner gentoo-dev

2021-07-26 18:36:07 UTC

qt proj done anyway, ping security.

Comment 11 NATTkA bot gentoo-dev

2021-07-26 18:40:26 UTC Comment hidden (obsolete)

Resetting sanity check; package list is empty or all packages are done.

Comment 12 NATTkA bot gentoo-dev

2021-07-29 17:22:35 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 13 NATTkA bot gentoo-dev

2021-07-29 17:30:51 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 14 NATTkA bot gentoo-dev

2021-07-29 17:38:47 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 15 NATTkA bot gentoo-dev

2021-07-29 17:46:57 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 16 NATTkA bot gentoo-dev

2021-07-29 18:02:54 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 17 NATTkA bot gentoo-dev

2021-07-29 18:11:13 UTC

Package list is empty or all packages have requested keywords.

Comment 18 John Helmert III archtester

2022-08-14 04:59:00 UTC

GLSA request filed

Comment 19 Larry the Git Cow gentoo-dev

2022-08-14 14:34:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)

Comment 20 Sam James archtester

2022-08-14 14:36:04 UTC

GLSA done, all done.