qtwebengine security fixes to match 5.15.5.
|Reported by:||Owned by:|
The commercial-customers-only release of qt-5.15.5 has now happened https://www.qt.io/blog/commercial-lts-qt-5.15.5-released
The qtwebengine changes are, of course, public and include the following CVE fixes since the upstream_fixes-2 patch:
CVE-2021-30518: Heap buffer overflow in Reader Mode CVE-2021-30516: Heap buffer overflow in History. CVE-2021-30515: Use after free in File API CVE-2021-30513: Type Confusion in V8 CVE-2021-30512: Use after free in Notifications CVE-2021-30510: Race in Aura CVE-2021-30508: Heap buffer overflow in Media Feeds
The combined patch is now 499K. Some of the gcc-11 fixes have been applied, others have not. Will rediff build_fixes and change the instructions to apply the upstream fixes first.