Fedora has issued an advisory on April 16: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NC6RAT5BS2LMSN5UE3DUX3SVIR6USC4H/ I don't know what, if any, of this is fixable while we're on Qt 5.6.
Qt 5.6 is an LTS, so I hope sec issues will be backported :)
CC: (none) => mageia
QA Contact: (none) => security
Component: RPM Packages => Security
I am looking into this one.
Status: NEW => ASSIGNED
I looked and this will be fixed with version 5.6.3. I will look later if we can backport those fixes.
So we either need backported fixes, an update to 5.6.3, or an update to 5.9.1 later on.
Status comment: (none) => Will be fixed in 5.6.3, fixes could possibly be backported
I plan both. Update to Qt 5.6.3 when released, and later jump to a newer Qt LTS, but this will need test, test, test, so no hurry ;)
I'd say that if Qt upstream doesn't care enough about those security issues to roll out a 5.6.3 in a timely manner (5.6.2 was in October 2016, 5.6.3 planned for August 2017... what is that for an LTS?), or a 5.6.2.1 with only the critical security fixes, we can probably just wait for them to do their job. Either the issues are not critical enough, or Qt upstream is reckless and doesn't care about its customers' security, but in both cases I don't see us doing the QA work that Digia doesn't seem willing to do. So IMO, this will be fixed in August (if there are no delays for 5.6.3...).
Whiteboard: (none) => MGA6TOO
Fedora has issued an advisory today (July 6): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EV3BI7JDO6W3R2LDREE4IAN5PQU3IPFH/ They fixed several more issues by upgrading to 5.9.0.
Summary: qtwebengine5 several new security issues fixed in 5.8.0 => qtwebengine5 several new security issues fixed in 5.8.0 and 5.9.0
I plan to update mga 6 to Qt 5.9.0 later, but Plasma 5.8.x does not work with Qt 5.9, so this is work I will do, but after the mga6 release :)
Fixed in cauldron
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Fedora has issued an advisory today (November 17): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7N3JOITXZYKROVZDADU3G3GPC7OPLLD/ They fixed several more issues by upgrading to 5.9.2.
Summary: qtwebengine5 several new security issues fixed in 5.8.0 and 5.9.0 => qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, and 5.9.2
We will update Mageia 6 to Qt 5.9.x at the end of December.
Fedora has issued an advisory on December 4: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MTQUMCWRYF6W2XTBHKA7YFUANPLTCWGN/ They fixed several more issues by upgrading to 5.9.3.
Summary: qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, and 5.9.2 => qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, and 5.9.3
I installed Qt 5.9.3 packages on Mageia 6 64-bit and everything works fine so far.
CC: (none) => olivier.delaune
qtwebengine5-5.9.3-2.mga6
qtwebengine5-doc-5.9.3-2.mga6
libqt5webengine5-5.9.3-2.mga6
libqt5webenginecore5-5.9.3-2.mga6
libqt5webenginewidgets5-5.9.3-2.mga6
libqt5webengine-devel-5.9.3-2.mga6

from qtwebengine5-5.9.3-2.mga6.src.rpm built for the Qt5/KF5/Plasma5 update.
CC: (none) => bequimao.de
Fedora has issued an advisory today (February 25): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LGDSXXPN73LMQRMWCOGQL5XQFGUWIC7D/ Now they've updated to 5.10.1.
This still needs an update to 5.9.4 or 5.10.1.
Summary: qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, and 5.9.3 => qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, and 5.9.4
Blocks: (none) => 22657
qtwebengine5-5.9.4-1.mga6
qtwebengine5-doc-5.9.4-1.mga6
libqt5webengine5-5.9.4-1.mga6
libqt5webenginecore5-5.9.4-1.mga6
libqt5webenginewidgets5-5.9.4-1.mga6
libqt5webengine-devel-5.9.4-1.mga6

from qtwebengine5-5.9.4-1.mga6.src.rpm
More Fedora advisories from March 25 and 26:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/36XZOQSLKLPBFKLG6D6YPO3YQIIWPTSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UH23YUKLEZNXH6IZWIPR24T3Q6OJLPSD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MR4YTFAJQPJBIGHBX5JWITCX6GYR5RPQ/
I'm guessing our update doesn't have these fixes in it.
Fedora has issued an advisory on December 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7MR5MDFEUCNVBCGVTWVEMGQXACIDFR46/
Summary: qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, and 5.9.4 => qtwebengine5 several new security issues fixed in 5.8.0, 5.9.0, 5.9.2, 5.9.3, 5.9.4, 5.11.3
Mageia 6 is EOL.
CC: (none) => mrambo
Resolution: (none) => OLD
Status: ASSIGNED => RESOLVED