Change History (4)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → elevated |
| Status: | new → assigned |
comment:2 by , 2 years ago
Book updated and pushed after --no-ff in dce3118b32ef63f6a331577d2e63ed7142d84a28 r11.3-89
Keeping open until I do the Security Advisory, probably tomorrow.
comment:3 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA 11.3-003 created.
I've been waiting for Qt to announce the availability of paid-for 5.15.13, due early March after missing February. I looked a few hours ago at the Qt blog, nothing yet.
Ah, I now see that the 5.15.13 branch has been tagged as -lts with the commit I tested.
This fixes the following eight new CVEs (all eventually backported from newer versions of chromium), all rated as High at nvd:
- CVE-2023-0933: Integer overflow in PDF
- CVE-2023-0931: Use after free in Video
- CVE-2023-0698: Out of bounds read in WebRTC
- CVE-2023-0472: Use after free in WebRTC
- CVE-2023-0129: Heap buffer overflow in Network Service
- CVE-2022-4438: Use after free in Blink Frames
- CVE-2022-4437: Use after free in Mojo IPC
I hope to upload the tarball and modified patch tomorrow, the ffmpeg5 patch should roll forward for ffmpeg5-and-later - I might alter the introductory text.