Opened 13 months ago

Closed 13 months ago

Last modified 8 months ago

#17769 closed enhancement (fixed)

qtwebengine-5.15.13

Reported by: Douglas R. Reno
Owned by: ken@…
Priority: elevated
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version. Noticed over at Arch

Change History (4)

comment:1 by ken@…, 13 months ago

Owner: changed from blfs-book to ken@…
Priority: normal → elevated
Status: new → assigned

I've been waiting for Qt to announce the availability of paid-for 5.15.13, due early March after missing February. I looked a few hours ago at the Qt blog, nothing yet.

Ah, I now see that the 5.15.13 branch has been tagged as -lts with the commit I tested.

This fixes the following eight new CVEs (all eventually backported from newer versions of chromium), all rated as High at nvd:

CVE-2023-0933: Integer overflow in PDF
CVE-2023-0931: Use after free in Video
CVE-2023-0698: Out of bounds read in WebRTC
CVE-2023-0472: Use after free in WebRTC
CVE-2023-0129: Heap buffer overflow in Network Service
CVE-2022-4438: Use after free in Blink Frames
CVE-2022-4437: Use after free in Mojo IPC

I hope to upload the tarball and modified patch tomorrow; the ffmpeg5 patch should roll forward for ffmpeg5-and-later - I might alter the introductory text.

comment:2 by ken@…, 13 months ago

Book updated and pushed after --no-ff in dce3118b32ef63f6a331577d2e63ed7142d84a28 r11.3-89

Keeping open until I do the Security Advisory, probably tomorrow.

comment:3 by ken@…, 13 months ago

Resolution: fixed
Status: assigned → closed

Security Advisory SA 11.3-003 created.

comment:4 by Bruce Dubbs, 8 months ago

Milestone: 11.4 → 12.0

Milestone renamed
