Opened 2 months ago

Closed 2 months ago

#20998 closed enhancement (fixed)

qt6 qtwebengine 6.8.2

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (3)

comment:1 by Douglas R. Reno, 2 months ago

Priority: normal → high

Release notes can be found at https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.8.2/release-note.md

They include a security fix for QtConnectivity - CVE-2025-23050 (see https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux) - SUSE rates this as Moderate.

Now let's talk qtwebengine, which generally has many more security fixes backported from Chromium.

  • CVE-2024-12694: Use after free in Compositing (8.8 High, RCE)
  • CVE-2024-12693: Out of bounds memory access in V8 (8.0 High, arbitrary code execution but within a sandbox)
  • CVE-2025-0611: Object corruption in V8 (High, RCE)
  • CVE-2025-0437: Out of bounds read in Metrics (8.8 High, RCE)
  • CVE-2025-0447: Inappropriate implementation in Navigation (8.8 High, Privilege Escalation)
  • CVE-2025-0441: Inappropriate implementation in Fenced Frames (6.5 Medium, Sensitive System Information Disclosure)
  • CVE-2025-0443: Insufficient data validation in Extensions (8.8 High, Privilege Escalation)
  • CVE-2025-0438: Stack buffer overflow in Tracing (8.8 High, RCE)
  • CVE-2025-0436: Integer overflow in Skia (8.8 High, RCE)

comment:2 by Douglas R. Reno, 2 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by Douglas R. Reno, 2 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 7ae20e45d451a5475c2af80364428eba4dae535d

SA-12.2-074 issued for Qt6

SA-12.2-075 issued for QtWebEngine
