| Summary: | qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, 5.9.4, 5.11.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | KDE maintainers <kde> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | bequimao.de, mageia, mhrambo3501, olivier.delaune |
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | qtwebengine5-5.6.2-5.mga6.src.rpm | CVE: | |
| Status comment: | Will be fixed in 5.6.3, fixes could possibly be backported | ||
| Bug Depends on: | |||
| Bug Blocks: | 22657 | ||
|
Description
David Walser
2017-04-16 17:16:13 CEST
qt 5.6 is a LTS, so i hope sec issues will be backported :) CC:
(none) =>
mageia
David Walser
2017-04-17 22:39:46 CEST
QA Contact:
(none) =>
security i am looking to this one.
Nicolas Lécureuil
2017-04-29 23:37:41 CEST
Status:
NEW =>
ASSIGNED i looked and this will be fixed with version 5.6.3. I will look later if we can backport those fixes So we either need backported fixes, an update to 5.6.3, or an update to 5.9.1 later on. Status comment:
(none) =>
Will be fixed in 5.6.3, fixes could possibly be backported i plan both. Update to qt 5.6.3 when released, and later jump to newer qt LTS but this will need test, test, test so no hurry ;) I'd say that if Qt upstream doesn't care enough about those security issues to roll out a 5.6.3 in a timely manner (5.6.2 was in October 2016, 5.6.3 planned for August 2017... what is that for an LTS?), or a 5.6.2.1 with only the critical security fixes, we can probably just wait for them to do their job. Either the issues are not critical enough, or Qt upstream is reckless and doesn't care about its customers' security, but in both cases I don't see us doing the QA work that Digia doesn't seem willing to do. So IMO, this will be fixed in August (if there are no delays for 5.6.3...).
David Walser
2017-07-07 04:24:16 CEST
Whiteboard:
(none) =>
MGA6TOO Fedora has issued an advisory today (July 6): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EV3BI7JDO6W3R2LDREE4IAN5PQU3IPFH/ They fixed several more issues by upgrading to 5.9.0. Summary:
qtwebengine5 several new security issues fixed in 5.8.0 =>
qtwebengine5 several new security issues fixed in 5.8.0 and 5.9.0 i plan to update mga 6 to qt 5.9.0 later, but plasma 5.8.x does not work with qt 5.9 so this is a work i will do but after mga6 release :) Fixed in cauldron Version:
Cauldron =>
6 Fedora has issued an advisory today (November 17): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7N3JOITXZYKROVZDADU3G3GPC7OPLLD/ They fixed several more issues by upgrading to 5.9.2. Summary:
qtwebengine5 several new security issues fixed in 5.8.0 and 5.9.0 =>
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, and 5.9.2 we will update mageia 6 to qt 5.9.x at the end of december Fedora has issued an advisory on December 4: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MTQUMCWRYF6W2XTBHKA7YFUANPLTCWGN/ They fixed several more issues by upgrading to 5.9.3. Summary:
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, and 5.9.2 =>
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, and 5.9.3 I installed qt 5.9.3 packages on Mageia 6 64-bits and everything works fine so far. CC:
(none) =>
olivier.delaune qtwebengine5-5.9.3-2.mga6 qtwebengine5-doc-5.9.3-2.mga6 libqt5webengine5-5.9.3-2.mga6 libqt5webenginecore5-5.9.3-2.mga6 libqt5webenginewidgets5-5.9.3-2.mga6 libqt5webengine-devel-5.9.3-2.mga6 from qtwebengine5-5.9.3-2.mga6.src.rpm built for the Qt5/KF5/Plasma5 update.
Ulrich Beckmann
2018-02-11 18:36:15 CET
CC:
(none) =>
bequimao.de Fedora has issued an advisory today (February 25): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LGDSXXPN73LMQRMWCOGQL5XQFGUWIC7D/ Now they've updated to 5.10.1. This still needs an update to 5.9.4 or 5.10.1. Summary:
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, and 5.9.3 =>
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, and 5.9.4 qtwebengine5-5.9.4-1.mga6 qtwebengine5-doc-5.9.4-1.mga6 libqt5webengine5-5.9.4-1.mga6 libqt5webenginecore5-5.9.4-1.mga6 libqt5webenginewidgets5-5.9.4-1.mga6 libqt5webengine-devel-5.9.4-1.mga6 from qtwebengine5-5.9.4-1.mga6.src.rpm More Fedora advisories from March 25 and 26: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/36XZOQSLKLPBFKLG6D6YPO3YQIIWPTSU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UH23YUKLEZNXH6IZWIPR24T3Q6OJLPSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MR4YTFAJQPJBIGHBX5JWITCX6GYR5RPQ/ I'm guessing our update doesn't have these fixes in it. Fedora has issued an advisory on December 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7MR5MDFEUCNVBCGVTWVEMGQXACIDFR46/ Summary:
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, and 5.9.4 =>
qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, 5.9.4, 5.11.3 Mageia 6 is EOL. CC:
(none) =>
mrambo |