It seems that commercial LTS qt-5.15.6 is close to release (expected for nominally August). As part of that, the public changes for qtwebengine-5.15.6 appear to be complete.
In the big distros, both Fedora (rawhide) and Debian (sid) have produced versions in the last two or three months labelled as 5.15.5. I therefore propose to upload the new tarball as qtwebengine-5.15.6 rather than using a date in the name. Please note that it will continue to be installed as 5.15.2 to match the installed version of Qt.
The following new backported CVE fixes are in this version (status from NVD):
- CVE-2021-30604: Use after free in ANGLE - Not yet public
- CVE-2021-30603: Race in WebAudio - Not yet public
- CVE-2021-30602: Use after free in WebRTC - Not yet public
- CVE-2021-30599: Type Confusion in V8 - Not yet public
- CVE-2021-30598: Type Confusion in V8 - Not yet public
- CVE-2021-30588: Type Confusion in V8 - High
- CVE-2021-30587: Inappropriate implementation in Compositing - Medium
- CVE-2021-30585: Use after free in sensor handling - High
- CVE-2021-30573: Use after free in GPU - High
- CVE-2021-30569: Use after free in sqlite - High
- CVE-2021-30568: Heap buffer overflow in WebGL - High
- CVE-2021-30563: Type Confusion in V8 - High
- CVE-2021-30560: Use after free in Blink XSLT - High
- CVE-2021-30559: Out of bounds write in ANGLE - High
- CVE-2021-30556: Use after free in WebAudio - High
- CVE-2021-30554: Use after free in WebGL - High
- CVE-2021-30553: Use after free in Network service - High
- CVE-2021-30551: Type Confusion in V8 - High
- CVE-2021-30548: Use after free in Loader - High
- CVE-2021-30547: Out of bounds write in ANGLE - High
- CVE-2021-30544: Use after free in BFCache - High
- CVE-2021-30541: Use after free in V8 - High
- CVE-2021-30536: Out of bounds read in V8 - High
- CVE-2021-30535: Double free in ICU - High
- CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox - Medium
- CVE-2021-30533: Insufficient policy enforcement in PopupBlocker - Medium
- CVE-2021-30530: Out of bounds memory access in WebAudio - High
- CVE-2021-30523: Use after free in WebRTC - High
- CVE-2021-30522: Use after free in WebAudio - High
Tarball and patch at https://www.linuxfromscratch.org/~ken/test/ - tested on 11.0rc2