Update the book to QtWebEngine-5.15.17

[Douglas R. Reno]

QtWebEngine requires an emergency security update to handle CVE-2023-6345, a critical security vulnerability in Skia which is being actively exploited. Most organizations that use Chromium-based products (including Edge) are forcing updates to their Linux, macOS, and Windows based endpoints to take care of it due to the severity. This vulnerability can be exploited on any page that contains an image or 2D content, and is classified as an integer overflow. Remote code execution appears to be possible. Since there aren't really any official releases of QtWebEngine for Qt5 anymore and we roll our own with backports, this becomes our responsibility.

Note that this vulnerability may affect Firefox, Thunderbird, Libreoffice, and potentially Seamonkey as well - since those all use Skia internally too. Hopefully we get patches for those shortly.

In addition to this, QtWebEngine will receive fixes for the following CVEs:

• CVE-2023-5482: Out Of Bounds memory access in USB (High)
• CVE-2023-5849: Integer Overflow in USB (High)
• CVE-2023-45853: Integer Overflow in MiniZip (9.8 Critical)
• CVE-2023-5218: Use After Free in Site Isolation (High)
• CVE-2023-5217: Heap Buffer Overflow in VP8 Encoding (High)
• CVE-2023-5996: Use After Free in WebAudio (High)
• CVE-2023-6112: Use After Free in Navigation (High)
• CVE-2023-5997: Use After Free in Garbage Collection (High)

This update will also bring several updates for supporting newer Intel GPUs with the bundled copy of Chromium.

Ken has asked me to take care of this

[Douglas R. Reno]

The build works and testing with Falkon shows no regressions. :)

I've uploaded the tarball and bumped the patch. Because of the changes to Chromium though, I need to do a build for stats. Once that's done I will commit the changes to the book, file an SA, and send an email out to the lists

[Douglas R. Reno]

Fixed at 1d88a48bd3c523cdd9614dae87f7abc8e8640da1

SA-12.0-048 issued.

Sent an email to the lists.