#8644 closed enhancement (fixed)
qt-5.7.1 (critical bug fix release, CVE-2016-51{33,47,53,55,61,66,70,71,72,81,85,86,87,88,92,98)
Reported by: | Douglas R. Reno | Owned by: | |
---|---|---|---|
Priority: | highest | Milestone: | 8.0 |
Component: | BOOK | Version: | SVN |
Severity: | critical | Keywords: | |
Cc: |
Description
New point version.
In addition to the security changes, I went through all of the changelogs available. Users on bog-standard Nouveau cards have been having issues with KDE and other QtWayland specific problems. GT cards are fine, but the standard GTX gaming graphics cards are not. Archetech reported this to me in IRC two weeks ago and I've been helping him troubleshoot since.
CVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198
This is after 8 months of waiting. Several things were also broken in Qt-5.7.0 (major functionality, like bluetooth connectivity), that are now fixed in Qt-5.7.1.
Change History (5)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
All the (non-embargoed) CVE's above are in qtwebengine, which we just build optionally for qupzilla... I've not been able to get the version of chrome used by Qt-5.7.0.
comment:3 by , 8 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Alright, here's some detailed vulnerability descriptions. I'm taking this if this is not taken in the next three hours since I'm right there at the point where I need to build it.
CVE-2016-5133
CVE-2016-5147
CVE-2016-5153
CVE-2016-5155
CVE-2016-5161
CVE-2016-5166
CVE-2016-5170
CVE-2016-5171
CVE-2016-5172
CVE-2016-5181
CVE-2016-5185
CVE-2016-5186
CVE-2016-5187
CVE-2016-5188
CVE-2016-5192
CVE-2016-5198
Out of the above list, several of them scored 8.8 "HIGH" on the CVSSv3 metric.