Opened 12 months ago

Closed 12 months ago

Last modified 9 months ago

#18024 closed enhancement (fixed)

qtwebengine-5.15.14

Reported by: ken@…
Owned by: ken@…
Priority: normal
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

It seems that qt-5.15.14 was released on 4th May. Therefore, what is in the 5.15.14 branch of qtwebengine is the end of the line (end of life for 5.15 on 26th May).

I'll get to this when the machine where I pull the sources is available for this.

Change History (7)

comment:1 by ken@…, 12 months ago

Although the commits for qtwebengine are still visible at https://code.qt.io/cgit/qt/qtwebengine.git/ the repo has moved to https://code.qt.io/qt/qtwebengine.git - fixed with git remote get-url origin to check what I had been using, then git remote set-url origin https://code.qt.io/qt/qtwebengine.git.

comment:2 by ken@…, 12 months ago

CVEs fixed in 5.15.14 (all documented at NVD because now quite old: first Chromium fixes them, then Qt current, then Qt backports).

CVE-2023-29469: Security-bug-1433328 (libxml) - Medium

CVE-2023-2137: Heap buffer overflow in shipped sqlite - High

CVE-2023-2033: Type Confusion in V8 - High

CVE-2023-1811: Use after free in Frames - High

CVE-2023-1810: Heap buffer overflow in Visuals - High

CVE-2023-1534: Out of bounds read in ANGLE - High

CVE-2023-1531: Use after free in ANGLE - High

CVE-2023-1530: Use after free in PDF - High

CVE-2023-1529: Out of bounds memory access in WebHID - Critical

CVE-2023-1222: Heap buffer overflow in Web Audio API - High

CVE-2023-1220: Heap buffer overflow in UMA - High

CVE-2023-1219: Heap buffer overflow in Metrics - High

CVE-2023-1217: Stack buffer overflow in Crash reporting (MS Windows only, Medium)

CVE-2023-1215: Type Confusion in CSS - High

comment:3 by ken@…, 12 months ago

Patches rolled forward, tarball uploaded to anduin.

in reply to:  1 comment:4 by ken@…, 12 months ago

Replying to ken@…:

Although the commits for qtwebengine are still visible at https://code.qt.io/cgit/qt/qtwebengine.git/ the repo has moved to https://code.qt.io/qt/qtwebengine.git - fixed with git remote get-url origin to check what I had been using, then git remote set-url origin https://code.qt.io/qt/qtwebengine.git.

Seems what was in the book's comments for editors was ok; at some point I had local problems with my checkout, removed it and started again - obviously at that time I was looking at the web page to see where I wanted to clone.

comment:5 by ken@…, 12 months ago

Book updated in @450610873bba707741c28b7c2b472ef9816247f0 11.3-487

comment:6 by ken@…, 12 months ago

Resolution: fixed
Status: assigned → closed

Security Advisory SA 11.3-027 created.

comment:7 by Bruce Dubbs, 9 months ago

Milestone: 11.4 → 12.0

Milestone renamed
