Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 913050 - <dev-qt/qtwebengine-5.15.10_p20230815: Multiple vulnerabilities
Summary: <dev-qt/qtwebengine-5.15.10_p20230815: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 909778 913051 qt-5.15.11-stable
Blocks: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078 915465
  Show dependency tree
 
Reported: 2023-08-26 11:55 UTC by Andreas Sturmlechner
Modified: 2023-12-22 10:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2023-08-26 11:55:01 UTC 
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling
* [Backport] Security bug 1454860	Philipp Hancke
Comment 1 Larry the Git Cow gentoo-dev 2023-08-26 11:56:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f371276d06c8bb67cfbcefcded9114b7eaac2c49

commit f371276d06c8bb67cfbcefcded9114b7eaac2c49
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-08-26 11:37:26 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-08-26 11:56:28 +0000

    dev-qt/qtwebengine: add 5.15.10_p20230815
    
    Bug: https://bugs.gentoo.org/913050
    Bug: https://bugs.gentoo.org/913051
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   2 +
 .../qtwebengine-5.15.10_p20230815.ebuild           | 267 +++++++++++++++++++++
 2 files changed, 269 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-06 18:11:00 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e08b418838581c66ea1fe3d052b3e6f7380035ce

commit e08b418838581c66ea1fe3d052b3e6f7380035ce
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-11-06 09:40:30 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-11-06 18:10:30 +0000

    dev-qt/qtwebengine: drop 5.15.10_p20230623, 5.15.10_p20230815
    
    Bug: https://bugs.gentoo.org/913050
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   3 -
 .../qtwebengine-5.15.10_p20230623-clang16.patch    |  15 --
 ...ne-5.15.10_p20230623-ffmpeg-binutils-2.41.patch |  75 ------
 .../qtwebengine-5.15.10_p20230623.ebuild           | 273 ---------------------
 .../qtwebengine-5.15.10_p20230815.ebuild           | 267 --------------------
 5 files changed, 633 deletions(-)
Comment 3 Andreas Sturmlechner gentoo-dev 2023-11-25 16:17:39 UTC 
(In reply to Larry the Git Cow from comment #2)
> commit e08b418838581c66ea1fe3d052b3e6f7380035ce
> Author:     Andreas Sturmlechner <asturm@gentoo.org>
> AuthorDate: 2023-11-06 09:40:30 +0000
> Commit:     Andreas Sturmlechner <asturm@gentoo.org>
> CommitDate: 2023-11-06 18:10:30 +0000
> 
>     dev-qt/qtwebengine: drop 5.15.10_p20230623, 5.15.10_p20230815
That was a cleanup, fyi.
Comment 4 Larry the Git Cow gentoo-dev 2023-12-22 10:51:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=33421161add23e707a21bf30329af848c2577694

commit 33421161add23e707a21bf30329af848c2577694
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 10:51:22 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 10:51:49 +0000

    [ GLSA 202312-07 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/913050
    Bug: https://bugs.gentoo.org/915465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-07.xml | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)