#15195 closed enhancement (fixed)
qtwebengine security fixes to match 5.15.5.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The commercial-customers-only release of qt-5.15.5 has now happened https://www.qt.io/blog/commercial-lts-qt-5.15.5-released
The qtwebengine changes are, of course, public and include the following CVE fixes since the upstream_fixes-2 patch:
CVE-2021-30518: Heap buffer overflow in Reader Mode CVE-2021-30516: Heap buffer overflow in History. CVE-2021-30515: Use after free in File API CVE-2021-30513: Type Confusion in V8 CVE-2021-30512: Use after free in Notifications CVE-2021-30510: Race in Aura CVE-2021-30508: Heap buffer overflow in Media Feeds
The combined patch is now 499K. Some of the gcc-11 fixes have been applied, others have not. Will rediff build_fixes and change the instructions to apply the upstream fixes first.
Change History (5)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA 10.1-065 created.
Note:
See TracTickets
for help on using tickets.
Ouch, all 7 of those vulnerabilities are marked as 8.8 High by NVD!
[edit: 7 vulnerabilities, not 8]