#11803 closed enhancement (fixed)
qt-everywhere-src-5.12.2 qtwebengine-5.12.2
| Reported by: | Douglas R. Reno | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | high | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version
My guess is that this is security related due to the recent Chromium bugs that lead to sandbox escape and total machine takeover on some platforms.
Change History (4)
comment:1 by , 6 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 years ago
| Priority: | normal → high |
|---|
Note:
See TracTickets
for help on using tickets.
Replying to renodr:
Yes, and no ;-)
For qtwebengine the following security fixes are listed at https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.12.2/?h=v5.12.2 but as always qt release on their own schedule, and security fixes get into the next available scheduled release (i.e. if pre-release testing has already started, probably too late).
Anyway, for webengine:
Behavior Changes ---------------- - Deleting a download item will now also cancel the download if it is still in progress. Chromium -------- - Security fixes from Chromium up to version 72.0.3626.121, including: * CVE-2019-5754 * CVE-2019-5755 * CVE-2019-5756 * CVE-2019-5757 * CVE-2019-5758 * CVE-2019-5759 * CVE-2019-5760 * CVE-2019-5762 * CVE-2019-5763 * CVE-2019-5764 * CVE-2019-5769 * CVE-2019-5770 * CVE-2019-5775 * CVE-2019-5776 * CVE-2019-5777 * CVE-2019-5779 * CVE-2019-5781 * CVE-2019-5782 * CVE-2019-5783 * CVE-2019-5784 * CVE-2019-5786 * Security issue 895117 * Security issue 895970 * Security issue 899689 * Security issue 901677 * Security issue 903500 * Security issue 907047 * Security issue 908358 * Security issue 911253 * Security issue 912508 * Security issue 912520 * Security issue 922677 General ------- - [QTBUG-72021] Improved tooltip wrapping to match other browsers. - [QTBUG-72714] Fixed clipboard API not being permitted when settings allowed it. - [QTBUG-73839] Fixed minor memory leak per download. - Fixed regression in certificate transparency checking.For everything else, changes in a particular component are listed at https://wiki.qt.io/Qt_5.12.2_Change_Files
I've increased the priority to high, but that is only for webengine. Based on experience with 5.12.1, probably only webengine has known vulnerability fixes, but it seems likely that both parts will need to be updated.