Opened 14 months ago
Closed 14 months ago
#20493 closed enhancement (fixed)
qtwebengine-6.8.0
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | high | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New minor version.
Change History (5)
comment:1 by , 14 months ago
comment:2 by , 14 months ago
| Priority: | normal → high |
|---|
Three security fixes were put into this release associated with the bundled copy of Chromium:
- [Backport] CVE-2024-9123: Integer overflow in Skia
- [Backport] CVE-2024-9122: Type Confusion in V8
- [Backport] CVE-2024-9120: Use after free in Dawn
CVE-2024-9123 is rated as High and is an RCE in Skia (out-of-bounds write).
CVE-2024-9122 is rated as High and is an RCE in V8 (out-of-bounds memory access).
CVE-2024-9120 is rated as High and is an RCE in Dawn (heap corruption).
All three are exploitable via crafted HTML pages.
comment:3 by , 14 months ago
Updated at commits
- 52b457186b Update to qt-everywhere-src-6.8.0 (Security Update).
- 9192fec80c Update to qtwebengine-6.8.0 (Security Update).
Holding open for security advisories.
comment:4 by , 14 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |

Successful and the ffmpeg patch is no longer needed as was expected.