Opened 3 months ago

Closed 3 months ago

#15471 closed enhancement (fixed)

qtwebengine-5.15.6

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

It seems that commercial lts qt-5.15.6 is close to release (expected for nominally August). As part of that, the public changes for qtwebengine-5.15.6 appear to be complete.

In the big distros, both fedora (rawhide) and debian (sid) have produced versions in the last two or three months labelled as 5.15.5. I therefore propose to upload the new tarball as qtwebengine-5.15.6 rather than using a date in the name. Please note that it will continue to be installed as 5.15.2 to match the installed version of Qt.

The following new backported CVE fixes are in this version (status from nvd):

CVE-2021-30604: Use after free in ANGLE                          Not yet public
CVE-2021-30603: Race in WebAudio                                 Not yet public
CVE-2021-30602: Use after free in WebRTC                         Not yet public
CVE-2021-30599: Type Confusion in V8                             Not yet public
CVE-2021-30598: Type Confusion in V8                             Not yet public
CVE-2021-30588: Type Confusion in V8                             High
CVE-2021-30587: Inappropriate implementation in Compositing      Medium
CVE-2021-30585: Use after free in sensor handling                High
CVE-2021-30573: Use after free in GPU                            High
CVE-2021-30569: Use after free in sqlite                         High
CVE-2021-30568: Heap buffer overflow in WebGL                    High
CVE-2021-30563: Type Confusion in V8                             High
CVE-2021-30560: Use after free in Blink XSLT                     High
CVE-2021-30559: Out of bounds write in ANGLE                     High
CVE-2021-30556: Use after free in WebAudio                       High
CVE-2021-30554: Use after free in WebGL                          High
CVE-2021-30553: Use after free in Network service                High
CVE-2021-30551: Type Confusion in V8                             High
CVE-2021-30548: Use after free in Loader                         High
CVE-2021-30547: Out of bounds write in ANGLE                     High
CVE-2021-30544: Use after free in BFCache                        High
CVE-2021-30541: Use after free in V8                             High
CVE-2021-30536: Out of bounds read in V8                         High
CVE-2021-30535: Double free in ICU                               High
CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox Medium
CVE-2021-30533: Insufficient policy enforcement in PopupBlocker  Medium
CVE-2021-30530: Out of bounds memory access in WebAudio          High
CVE-2021-30523: Use after free in WebRTC                         High
CVE-2021-30522: Use after free in WebAudio                       High

Tarball and patch at https://www.linuxfromscratch.org/~ken/test/ - tested on 11.0rc2

Change History (4)

comment:1 by Douglas R. Reno, 3 months ago

I'm not sure I'd mark this one as Elevated considering the amount of High severity issues.

comment:3 by ken@…, 3 months ago

Updates at NVD:

CVE-2021-30604: Use after free in ANGLE                          High
CVE-2021-30603: Race in WebAudio                                 High
CVE-2021-30602: Use after free in WebRTC                         High
CVE-2021-30599: Type Confusion in V8                             High
CVE-2021-30598: Type Confusion in V8                             High

comment:4 by ken@…, 3 months ago

Resolution: fixed
Status: assigned → closed

Security Advisory SA 10.1-103.
