#14026 closed enhancement (fixed)

qt-everywhere-src-5.15.1

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: highest Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 11 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 11 months ago

Qt 5.15.1 Released - Thursday September 10, 2020

We have released Qt 5.15.1, the first patch release of Qt 5.15 LTS. As a patch release, Qt 5.15.1 does not add any new functionality but provides many bug fixes and other improvements.

Compared to Qt 5.15.0, the new Qt 5.15.1 contains more than 400 bug fixes. For details of the most important changes, please check the Change files of Qt 5.15.1 at https://wiki.qt.io/Qt_5.15.1_Change_Files

comment:3 by Douglas R. Reno, 11 months ago

Priority: normalhighest

qtbase

BEHAVIOR CHANGES

****************************************************************************
*                        Important Behavior Changes                        *
****************************************************************************

 - QSharedPointer objects will now call custom deleters even when the
   pointer being tracked was null. This behavior is the same as
   std::shared_ptr.
 - Restored pre-5.15.0 behavior when converting from QVariant* to QJson*
   types. Unforeseen consequences of changes in 5.15.0 caused QByteArray
   data to be base64url-encoded; the handling of QRegularExpression was
   also unintentionally changed. These conversions are now reverted to the
   prior behavior. Additionally fixed QJsonValue::fromVariant conversions
   for NaN and infinities: they should always convert to QJsonValue::Null.

SECURITY ISSUES

 - QImage:
   * Fixed buffer overflow in XBM parser.
   * [oss-fuzz-23988] Fixed buffer overflow in XPM parser.
 - QXmlStreamReader:
   * [oss-fuzz-24347] Reduced memory consumption when handling huge input data.

qtquickcontrols2

 - [QTBUG-84381] StackView: fixed heap-use-after-free when pushing after clear.

QtSvg

****************************************************************************
*                               QSvgRenderer                               *
****************************************************************************

 - [oss-fuzz 23643][oss-fuzz-24028] Fixed endless recursions with
   self-referencing nodes.

 - [oss-fuzz-24146] Fixed endless recursion when inflating gzipped svg.

 - [ozz-fuzz 23606][oss-fuzz-24131] Avoid integer overflows.

 - Fixed various divisions by zero.

QtWebEngine

Chromium
--------

 - Security fixes from Chrome up to version 85.0.4183.83, including:

    * CVE-2020-6467
    * CVE-2020-6468
    * CVE-2020-6470
    * CVE-2020-6471
    * CVE-2020-6472
    * CVE-2020-6473
    * CVE-2020-6474
    * CVE-2020-6475
    * CVE-2020-6476
    * CVE-2020-6480
    * CVE-2020-6481
    * CVE-2020-6482
    * CVE-2020-6483
    * CVE-2020-6486
    * CVE-2020-6487
    * CVE-2020-6489
    * CVE-2020-6490
    * CVE-2020-6493: Use after free in WebAuthentication
    * CVE-2020-6506: Insufficient policy enforcement in WebView
    * CVE-2020-6510: Heap buffer overflow in background fetch
    * CVE-2020-6511: Side-channel information leakage in CSP
    * CVE-2020-6512: Type Confusion in V8
    * CVE-2020-6513: Heap buffer overflow in PDFium
    * CVE-2020-6514: Inappropriate implementation in WebRTC
    * CVE-2020-6518: Use after free in developer tools
    * CVE-2020-6523: Out of bounds write in Skia
    * CVE-2020-6524: Heap buffer overflow in WebAudio
    * CVE-2020-6526: Inappropriate implementation in iframe sandbox
    * CVE-2020-6529: Inappropriate implementation in WebRTC
    * CVE-2020-6530: Out of bounds memory access in  developer tools
    * CVE-2020-6531: Side-channel information leakage in scroll to text
    * CVE-2020-6532: Use after free in SCTP
    * CVE-2020-6533: Type Confusion in V8.
    * CVE-2020-6534: Heap buffer overflow in WebRTC
    * CVE-2020-6535: Insufficient data validation in WebUI
    * CVE-2020-6540: Heap buffer overflow in Skia
    * CVE-2020-6541: Use after free in WebUSB
    * CVE-2020-6542: Use after free in ANGLE
    * CVE-2020-6543: Use after free in task scheduling
    * CVE-2020-6544: Use after free in media
    * CVE-2020-6545: Use after free in audio
    * CVE-2020-6548: Heap buffer overflow in Skia
    * CVE-2020-6549: Use after free in media
    * CVE-2020-6550: Use after free in IndexedDB
    * CVE-2020-6551: Use after free in WebXR
    * CVE-2020-6555: Out of bounds read in WebGL
    * CVE-2020-6559: Use after free in presentation API
    * Security bug 1025302
    * Security bug 1029569
    * Security Bug 1048619
    * Security Bug 1051439
    * Security bug 1052492
    * Security bug 1054229
    * Security Bug 1056161
    * Security Bug 1057369
    * Security Bug 1058515
    * Security Bug 1061933
    * Security bug 1065122
    * Security bug 1065731
    * Security Bug 1070012
    * Security bug 1075907
    * Security bug 1087158
    * Security bug 1087629
    * Security bug 1090543
    * Security bug 1098860
    * Security bug 1102137
    * Security bug 1102408
    * Security bug 1108639

comment:4 by Bruce Dubbs, 11 months ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 23702/23703.

Note: See TracTickets for help on using tickets.