Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 922189 - <dev-qt/qtwebengine-5.15.12_p20240122: Multiple vulnerabilities
Summary: <dev-qt/qtwebengine-5.15.12_p20240122: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A1 [glsa+]
Keywords:
Depends on: qt-5.15.12-stable
Blocks: CVE-2023-5997, CVE-2023-6112 CVE-2023-6345, CVE-2023-6346, CVE-2023-6347, CVE-2023-6348, CVE-2023-6350, CVE-2023-6351 CVE-2023-6508, CVE-2023-6509, CVE-2023-6510, CVE-2023-6511, CVE-2023-6512 CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705, CVE-2023-6706, CVE-2023-6707 CVE-2023-7024 CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 CVE-2024-0333 CVE-2024-0517, CVE-2024-0518, CVE-2024-0519 927746
  Show dependency tree
 
Reported: 2024-01-15 22:04 UTC by Andreas Sturmlechner
Modified: 2024-03-24 19:25 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Sturmlechner gentoo-dev 2024-01-15 22:04:39 UTC 
Fixup: [Backport] Security bug 1505632
[Backport] Security bug 1505632
[Backport] CVE-2023-6702: Type Confusion in V8
[Backport] CVE-2023-6345: Integer overflow in Skia
[Backport] Security bug 1488199 (2/2)
[Backport] Security bug 1488199 (1/2)
[Backport] CVE-2023-6510: Use after free in Media Capture
[Backport] CVE-2023-6347: Use after free in Mojo
[Backport] CVE-2023-6112: Use after free in Navigation
Comment 1 Andreas Sturmlechner gentoo-dev 2024-01-22 19:05:24 UTC 
[Backport] Security bug 151168987-based
[Backport] CVE-2024-0224: Use after free in WebAudio
[Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
[Backport] Security bug 1506535
[Backport] CVE-2024-0519: Out of bounds memory access in V8
[Backport] CVE-2024-0518: Type Confusion in V8
[Backport] CVE-2024-0333: Insufficient data validation in Extensions
[Backport] CVE-2024-0222: Use after free in ANGLE
Fixup: [Backport] Security bug 1488199
Comment 2 Larry the Git Cow gentoo-dev 2024-01-22 19:38:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7beb9333b115f33305c81e2bbecd04a36a94d0a2

commit 7beb9333b115f33305c81e2bbecd04a36a94d0a2
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-01-22 19:20:57 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-01-22 19:27:33 +0000

    dev-qt/qtwebengine: add 5.15.12_p20240122
    
    Bug: https://bugs.gentoo.org/921565
    Bug: https://bugs.gentoo.org/922189
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.12_p20240122.ebuild           | 279 +++++++++++++++++++++
 2 files changed, 280 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-01 23:06:23 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acf45c1ef3f684fe1c639477406c73485709ca97

commit acf45c1ef3f684fe1c639477406c73485709ca97
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-02-01 22:57:53 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-02-01 23:00:58 +0000

    dev-qt/qtwebengine: drop 5.15.11_p20231120, 5.15.12_p20240112
    
    Bug: https://bugs.gentoo.org/922189
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   2 -
 ...twebengine-5.15.11_p20231120-libxml2-2.12.patch |  43 ---
 .../files/qtwebengine-6.5.3-icu74.patch            |  16 --
 .../qtwebengine-5.15.11_p20231120.ebuild           | 287 ---------------------
 .../qtwebengine-5.15.12_p20240112.ebuild           | 279 --------------------
 5 files changed, 627 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2024-02-18 08:01:37 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5daca99d83cb70fd50b2416394c79519718a247a

commit 5daca99d83cb70fd50b2416394c79519718a247a
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-18 07:37:49 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-18 08:01:27 +0000

    [ GLSA 202402-14 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/922189
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-14.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)