Bug 903544 - <dev-qt/qtwebengine-5.15.8_p20230313: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.8_p20230313: Multiple vulnerabilities...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 888181 903115
Blocks: CVE-2022-4174, CVE-2022-4175, CVE-2022-4176, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4182, CVE-2022-4183, CVE-2022-4184, CVE-2022-4185, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4191, CVE-2022-4192, CVE-2022-4193, CVE-2022-4194, CVE-2022-4195, CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440, CVE-2023-0128, CVE-2023-0129, CVE-2023-0130, CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0134, CVE-2023-0135, CVE-2023-0136, CVE-2023-0137, CVE-2023-0138, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141 904290
Reported: 2023-03-29 14:48 UTC by Andreas Sturmlechner
Modified: 2023-11-25 09:53 UTC

See Also:
Package list:
Runtime testing required: ---


Description Andreas Sturmlechner gentoo-dev 2023-03-29 14:48:27 UTC
Not found 
  * [Backport] CVE-2023-0933: Integer overflow in PDF
  * [Backport] CVE-2023-0931: Use after free in Video
  * [Backport] CVE-2023-0698: Out of bounds read in WebRTC
  * [Backport] CVE-2023-0472: Use after free in WebRTC

  * [Backport] Security bug 1406115
  * [Backport] Security bug 1393384
  * [Backport] Security bug 1399424
  * [Backport] CVE-2023-0129: Heap buffer overflow in Network Service
  * [Backport] Security bug 1394382
  * [Backport] CVE-2022-4437: Use after free in Mojo IPC
  * [Backport] CVE-2022-4438: Use after free in Blink Frames
  * [Backport] CVE-2022-4179: Use after free in Audio
Comment 1 Larry the Git Cow gentoo-dev 2023-04-09 20:17:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad78682a89f566aac4a43ee935038e6068212b84

commit ad78682a89f566aac4a43ee935038e6068212b84
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-04-09 20:11:23 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-04-09 20:17:05 +0000

    dev-qt/qtwebengine: Cleanup vulnerable 5.15.8_p20230112
    
    Bug: https://bugs.gentoo.org/903544
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   3 -
 ...qtwebengine-5.15.2-disable-fatal-warnings.patch |  12 -
 ...ine-5.15.2_p20210224-chromium-87-v8-icu68.patch | 192 ---------
 .../qtwebengine-5.15.2_p20210224-disable-git.patch |  15 -
 ...gine-5.15.2_p20211015-pdfium-system-lcms2.patch |  79 ----
 .../qtwebengine-5.15.3_p20220329-clang14.patch     |  42 --
 .../qtwebengine-5.15.3_p20220406-ffmpeg5.patch     | 169 --------
 ...webengine-5.15.3_p20220406-gcc12-includes.patch |  32 --
 .../qtwebengine-5.15.3_p20220505-extra-gn.patch    |  10 -
 ...gine-5.15.8_p20230106-v8-opcode-constexpr.patch |  43 --
 .../qtwebengine-5.15.8_p20230106-widevine.patch    |  82 ----
 .../files/qtwebengine-5.15.8_p20230112-gcc13.patch | 431 ---------------------
 .../qtwebengine-5.15.8_p20230112.ebuild            | 285 --------------
 13 files changed, 1395 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-25 09:51:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)