Opened 4 months ago

Closed 4 months ago

#14863 closed enhancement (fixed)

Next set of qtwebengine updates

Reported by: ken@…
Owned by: ken@…
Priority: elevated
Milestone: 10.2
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description (last modified by ken@…)

The public release of qt-5.15.3 might happen at the end of April, but meanwhile they have updated their 5.15 branch to fix a number of specified security issues (those turned out to be chromium security issues, I see no point in trying to discover the details of what are probably still restricted issues), as well as several CVEs:

At the end of March they fixed CVE-2021-21193, CVE-2021-21191, CVE-2021-21166, CVE-2021-21187, CVE-2021-21183 and CVE-2020-27844 (all originally raised against chromium).

On 1st April they fixed two more of the latest batch of chromium CVEs, CVE-2021-21198 and CVE-2021-21195.

It is not clear if they have finished with this latest batch, but the items changed suggest that they may have (the latest batch is CVE-2021-21194-21199, see e.g. https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-042/).

Keeping this open for a couple of days to see if more updates appear.

Change History (5)

comment:1 by ken@…, 4 months ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 4 months ago

Description: modified (diff)

[ken] Removed comments about the build being a lot slower - I think that at some point I installed a debug build of Qt in my "by the book" (i.e. without my CFLAGS) /opt/qt5book.

Have just started a complete by-the-book system build to review this.

comment:3 by ken@…, 4 months ago

Priority: normal → elevated

Although random updates to the 5.15 qtwebengine branch have appeared this week (for Mac / Windows / static builds), none of them are relevant to us. One of the items mentioned embedded PDFs; the link in the Qt bug works for me. So, going with the pull from 20210401.

comment:4 by ken@…, 4 months ago

Committed in r24457. Goodbye, subversion.

comment:5 by ken@…, 4 months ago

Resolution: fixed
Status: assigned → closed

Security Advisory 10.1-026 pushed.
