Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 847613 - <dev-qt/qtwebengine-5.15.4_p20220526: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.4_p20220526: Multiple vulnerabilities...
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords:
Depends on: 836830 boost-1.79-stable, qt-5.15.4-stable
Blocks: 853229
  Show dependency tree
 
Reported: 2022-05-26 19:33 UTC by Andreas Sturmlechner
Modified: 2022-06-20 19:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2022-05-26 19:33:42 UTC
Update Chromium
Submodule src/3rdparty 0d984c7f..caba2fcb:

  > Bump V8_PATCH_LEVEL
  > [Backport] Security bug 1306507
  > [Backport] Security bug 1304659
  > [Backport] Security bug 1269999
  > [Backport] Roll libxml from a46e85f6 to dea91c97
  > [Backport] Roll libxml from bfd2f430 to a46e85f6
  > [Backport] Roll libxml to bfd2f430
  > [Backport] Roll libxml to 7279d236
  > [Backport] Roll libxml to f93ca3e1
  > [Backport] Security bug 1292905
  > [Backport] CVE-2022-1314: Type Confusion in V8
  > [Backport] CVE-2022-1310: Use after free in regular expressions
  > [Backport] CVE-2022-1305: Use after free in storage
  > [Backport] CVE-2022-1125
  > [Backport] Security bug 1280852
  > [Backport] Secuirity Bug 1296876
  > [Backport] CVE-2022-0978: Use after free in ANGLE
  > [Backport] CVE-2022-1493: Use after free in Dev Tools
  > [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
  > Quick fix for regression in service workers by reverting backports
  > [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
Comment 1 Larry the Git Cow gentoo-dev 2022-05-26 19:35:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa0ed801438935af8cd8896d5b788483e7893fa1

commit fa0ed801438935af8cd8896d5b788483e7893fa1
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-05-26 19:34:05 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-05-26 19:34:19 +0000

    dev-qt/qtwebengine: 5.15.4_p20220526 version bump
    
    Various security fixes...
    
    Snapshotted at:
    Branch: 5.15
    Commit: 79943b157ef381e5953f34f8e03049f2eecd6eb5
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 7857ff290ab254a5a1fe2e85e146680448b4d46e
    
    Bug: https://bugs.gentoo.org/847613
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.4_p20220526.ebuild            | 275 +++++++++++++++++++++
 2 files changed, 276 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-05-30 16:09:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9fd830429f4bc8f41e12c837107c8aefaebc0c3

commit d9fd830429f4bc8f41e12c837107c8aefaebc0c3
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-05-30 15:21:52 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-05-30 16:09:02 +0000

    dev-qt/qtwebengine: Re-add KEYWORDS to 5.15.4_p20220526
    
    Bug: https://bugs.gentoo.org/847613
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/qtwebengine-5.15.4_p20220526.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-06-14 17:32:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cdbe0d99c748df0cda42c26aa7eca4e5537cc7c

commit 6cdbe0d99c748df0cda42c26aa7eca4e5537cc7c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-06-14 16:08:27 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-06-14 17:31:46 +0000

    dev-qt/qtwebengine: Cleanup vulnerable 5.15.3_p20220406
    
    Bug: https://bugs.gentoo.org/847613
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.3_p20220406.ebuild            | 280 ---------------------
 2 files changed, 281 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-14 19:24:58 UTC
Thanks!