Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835761 - <dev-qt/qtwebengine-5.15.3_p20220310: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.3_p20220310: Multiple vulnerabilities...
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords: PullRequest
Depends on: 829161 qt-5.15.3-stable
Blocks: 836830
  Show dependency tree
 
Reported: 2022-03-21 19:28 UTC by Andreas Sturmlechner
Modified: 2022-04-17 19:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Andreas Sturmlechner gentoo-dev 2022-04-05 10:58:12 UTC
https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=f206c05a9dc6c2391b10762b6038f65fdb6818b6

Update Chromium
Submodule src/3rdparty: 48a205f9..ab3a3447:
  > [Backport] CVE-2022-0108: Inappropriate implementation in Navigation
  > [Backport] Dependency for CVE-2022-0108
  > Bump V8_PATCH_LEVEL
  > [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2)
  > [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2)
  > [Backport] Dependency for CVE-2022-0111 and CVE-2022-0117
  > [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager
  > [Backport] CVE-2022-23852
  > [Backport] Security bug 1289394
  > [Backport] CVE-2022-0608: Integer overflow in Mojo
  > [Backport] Security bug 1270014
  > [Backport] Security bug 1261415
  > [Backport] CVE-2022-0291: Inappropriate implementation in Storage
  > [Backport] CVE-2022-0293: Use after free in Web packaging
  > [Backport] CVE-2022-0607: Use after free in GPU
  > [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
  > [Backport] CVE-2022-0606: Use after free in ANGLE
  > [Backport] Security bug 1292537
  > [Backport] CVE-2022-0609: Use after free in Animation
  > [Backport] Security bug 1265570
  > [Backport] CVE-2022-0116: Inappropriate implementation in Compositing
  > [Backport] Dependency for CVE-2022-0116
  > [Backport] CVE-2022-0102: Type Confusion in V8
  > [Backport] Security bug 1256885
  > [Backport] CVE-2022-0460: Use after free in Window Dialog
  > [Backport] CVE-2022-0459: Use after free in Screen Capture
  > [Backport] CVE-2022-0461: Policy bypass in COOP
  > [Backport] Security bug 1280743
  > [Backport] Security bug 1274113
  > [Backport] CVE-2022-0456: Use after free in Web Search
  > [Backport] CVE-2022-0298: Use after free in Scheduling
  > [Backport] Security bug 1276331
  > [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
  > [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
  > [Backport] CVE-2022-0289: Use after free in Safe browsing
  > [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API
  > [Backport] CVE-2022-0113: Inappropriate implementation in Blink
  > [Backport] Security bug 1258603
  > [Backport] Security bug 1259557
  > [Backport] CVE-2022-0103: Use after free in SwiftShader
  > [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2)
  > [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2)
  > [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
  > [Backport] Security bug 1268448
  > Replace base::ranges::set_union with std::set_union to fix MSVC2017 build
Comment 2 Larry the Git Cow gentoo-dev 2022-04-17 19:29:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7

commit bcd3f4c1d0d989c0858270e2f4bf3a83f6da9fc7
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-04-15 21:36:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-17 19:27:34 +0000

    dev-qt/qtwebengine: Cleanup vulnerable 5.15.2_p20211216
    
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/835761
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 ...ngine-5.15.2_p20211210-sandbox-glibc-2.34.patch |  27 ---
 .../qtwebengine-5.15.2_p20211216.ebuild            | 266 ---------------------
 3 files changed, 294 deletions(-)
Comment 3 Andreas Sturmlechner gentoo-dev 2022-04-17 19:39:57 UTC
Cleanup done. Thx @sam.