Change History (6)
comment:1 by , 5 years ago
Summary: | qt-everywhere-src-5.14.2 → qt-everywhere-src-5.14.2 qtwebengine-5.14.2 |
---|
comment:2 by , 5 years ago
Priority: | normal → highest |
---|
This has security fixes for two different components: QtBase and QtWebEngine.
qtbase
https://code.qt.io/cgit/qt/qtbase.git/tree/dist/changes-5.14.2/?h=v5.14.2
****************************************************************************
* Third-Party Code *
****************************************************************************

- md4c was updated to 0.4.3. This fixes vulnerability oss-fuzz-20580.
- QtSQL, sqlite:
  * Updated to v3.31.1
  * [QTBUG-82533] Fixed CVE-2020-9327
qtwebengine
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.14.2/?h=v5.14.2
- Security fixes from Chromium up to version 80.0.3987.132, including:
  * CVE-2019-19880
  * CVE-2019-19923 - Out of bounds memory access in SQLite
  * CVE-2019-19925 - Multiple vulnerabilities in SQLite
  * CVE-2019-19926 - Inappropriate implementation in SQLite
  * CVE-2019-18197 - Multiple vulnerabilities in XML
  * CVE-2019-20503 - Out of bounds read in usersctplib
  * CVE-2020-6381 - Integer overflow in Javascript
  * CVE-2020-6383 - Type confusion in V8
  * CVE-2020-6384 - Use after free in WebAudio
  * CVE-2020-6385 - Insufficient policy enforcement in storage
  * CVE-2020-6387 - Out of bounds write in WebRTC
  * CVE-2020-6388 - Out of bounds memory access in WebAudio
  * CVE-2020-6389 - Out of bounds write in WebRTC
  * CVE-2020-6390 - Out of bounds memory access in streams
  * CVE-2020-6391 - Insufficient validation of untrusted input in Blink
  * CVE-2020-6392 - Insufficient policy enforcement in extensions
  * CVE-2020-6393 - Insufficient policy enforcement in Blink
  * CVE-2020-6394 - Insufficient policy enforcement in Blink
  * CVE-2020-6395 - Out of bounds read in JavaScript
  * CVE-2020-6396 - Inappropriate implementation in Skia
  * CVE-2020-6398 - Uninitialized use in PDFium
  * CVE-2020-6399 - Insufficient policy enforcement in AppCache
  * CVE-2020-6400 - Inappropriate implementation in CORS
  * CVE-2020-6401
  * CVE-2020-6404 - Inappropriate implementation in Blink
  * CVE-2020-6405 - Out of bounds read in SQLite
  * CVE-2020-6406 - Use after free in audio
  * CVE-2020-6407 - Out of bounds memory access in streams
  * CVE-2020-6410 - Insufficient policy enforcement in navigation
  * CVE-2020-6411
  * CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6413 - Inappropriate implementation in Blink
  * CVE-2020-6415
  * CVE-2020-6418 - Type confusion in V8
  * CVE-2020-6420 - Insufficient policy enforcement in media
  * CVE-2020-6422 - Use after free in WebGL.
  * CVE-2020-6426 - Inappropriate implementation in V8.
  * CVE-2020-6427 - Use after free in audio.
  * CVE-2020-6428 - Use after free in audio.
  * CVE-2020-6429 - Use after free in audio.
  * CVE-2020-6449 - Use after free in audio.
  * Security bug 925035
  * Security bug 1016038
  * Security bug 1016506
  * Security bug 1018629
  * Security bug 1020031
  * Security bug 1025442
  * Security bug 1026293
  * Security bug 1029865
  * Security bug 1031909
  * Security bug 1033461
  * Security bug 1035723
  * Security bug 1040700
  * Security bug 1044570
  * Security bug 1047097
Most of the above security vulnerabilities are marked as critical or high in the NVD. Four of the WebEngine vulnerabilities are 0-days.
comment:3 by , 5 years ago
Looks like a drop-in-update. Compiled/installed both, qt & webengine, no issues so far.
Add qtwebengine to the list.