906857 – <dev-qt/qtwebengine-5.15.9_p20230505: Multiple vulnerabilities...

Bug 906857 - <dev-qt/qtwebengine-5.15.9_p20230505: Multiple vulnerabilities...

Summary: <dev-qt/qtwebengine-5.15.9_p20230505: Multiple vulnerabilities...

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa?]
Keywords:

Depends on:	904290 906883
Blocks:	909778
	Show dependency tree

Reported:	2023-05-20 19:15 UTC by Andreas Sturmlechner
Modified:	2023-07-13 08:42 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Sturmlechner gentoo-dev

2023-05-20 19:15:18 UTC

* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1423360
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] Security bug 1427388
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals

Comment 1 Larry the Git Cow gentoo-dev

2023-05-21 07:05:28 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97eee0b31f22ceab91ecc73e62e8d88ede6b3eb7

commit 97eee0b31f22ceab91ecc73e62e8d88ede6b3eb7
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-20 19:10:10 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-21 07:04:53 +0000

    dev-qt/qtwebengine: add 5.15.9_p20230505, equiv. to upstream 5.15.14
    
    Patched with security patches up to Chromium version: 113.0.5672.64
    
    Bug: https://bugs.gentoo.org/906857
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.9_p20230505.ebuild            | 269 +++++++++++++++++++++
 2 files changed, 270 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2023-05-24 11:15:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92a014e0248ada5ff0ab0e8b5799943cf06c61cd

commit 92a014e0248ada5ff0ab0e8b5799943cf06c61cd
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-24 11:14:49 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-24 11:15:04 +0000

    dev-qt/qtwebengine: drop 5.15.9_p20230421
    
    Bug: https://bugs.gentoo.org/906857
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.9_p20230421-gcc-13.patch      | 134 ----------
 .../qtwebengine-5.15.9_p20230421.ebuild            | 272 ---------------------
 3 files changed, 407 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2023-07-13 08:42:23 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb5fab846ae931348e67bfbb9449edcfd292b956

commit bb5fab846ae931348e67bfbb9449edcfd292b956
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-07-13 07:36:05 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-07-13 08:42:10 +0000

    dev-qt/qtwebengine: drop 5.15.9_p20230505, 5.15.10_p20230505
    
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.10_p20230505.ebuild           | 269 ---------------------
 .../qtwebengine-5.15.9_p20230505.ebuild            | 269 ---------------------
 3 files changed, 539 deletions(-)