#14863 closed enhancement (fixed)
Next set of qtwebengine updates
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | elevated | Milestone: | 11.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
The public release of qt-5.15.3 might happen at the end of april, but meanwhile they have updated their 5.15 branch to fix a number of specified security issues (those turned out to be chromium security issues, I see no point in trying to discover the details of what are probably still restricted issues), as well as several CVEs:
At the end of March they fixed CVE-2021-21193, CVE-2021-21191, CVE-2021-21166, CVE-2021-21187, CVE-2021-21183 and CVE-2020-27844 (all originally raised against chromium).
On 1st April they fixed two more of the latest batch of chromium CVEs, CVE-2021-21198 and CVE-2021-21195.
It is not clear if they have finished with this latest batch, but the items changed suggest that they maybe have (the latest batch is CVE-2021-21194-21199, see e.g. [ https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-042/]
Keeping this open for a couple of days to see if more updates appear.
Change History (6)
comment:1 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 3 years ago
Description: | modified (diff) |
---|
comment:3 by , 3 years ago
Priority: | normal → elevated |
---|
Although random updates to the 5.15 qtwebengine branch have appeared this week (for mac / windows / static builds) none of them are relevant to us. One of the items mentioned embedded PDFs, the link in the QT bug works for me. So, going with the pull from 20210401.
comment:5 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Security Advisory 10.1-026 pushed.
[ken] Removed comments about the build being a lot slower - I think that at some point I installed a debug build of Qt in my "by the book" (i.e. without my CFLAGS) /opt/qt5book.
Have just started a complete by-the-book system build to review this.