Bug 866332

Summary:	<dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...
Product:	Gentoo Security	Reporter:	Andreas Sturmlechner <asturm>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	qt
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=847370 https://bugs.gentoo.org/show_bug.cgi?id=851003 https://bugs.gentoo.org/show_bug.cgi?id=853643 https://bugs.gentoo.org/show_bug.cgi?id=858104 https://bugs.gentoo.org/show_bug.cgi?id=859442 https://bugs.gentoo.org/show_bug.cgi?id=863512 https://bugs.gentoo.org/show_bug.cgi?id=873817 https://bugs.gentoo.org/show_bug.cgi?id=876855 https://bugs.gentoo.org/show_bug.cgi?id=872407
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	883677
Bug Blocks:	861764, 888181

Description Andreas Sturmlechner gentoo-dev

2022-08-24 15:58:50 UTC

Update Chromium5.15
Submodule src/3rdparty 7e11d69b..be349eaf:
  * [Backport] Security bug 1343889
  * [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * [Backport] CVE-2022-2477 : Use after free in Guest View
  * [Backport] CVE-2022-27406
  * [Backport] CVE-2022-27405 (2/2)
  * [Backport] CVE-2022-27405 (1/2)
  * [Backport] CVE-2022-27404
  * [Backport] Security bug 1287804
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
  * [Backport] CVE-2022-2295: Type Confusion in V8
  * [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
  * [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-2158: Type Confusion in V8
  * [Backport] Security bug 1316578
  * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
  * [Backport] CVE-2022-2010: Out of bounds read in compositing
  * [Backport] CVE-2022-1854: Use after free in ANGLE.
  * [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-1855: Use after free in Messaging
  * FIXUP: Fix url_utils for QtWebEngine

https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=2291526b04a09e126eff5785bbfb869b223c7fa2

Comment 1 Andreas Sturmlechner gentoo-dev

2022-08-24 16:04:08 UTC

There is also CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 (bug 840224) but the ebuild depends on media-libs/freetype so I assume it is using system-freetype.

Comment 2 Morteza 2022-10-06 22:14:56 UTC

Any progress on these cve?

Comment 3 Larry the Git Cow gentoo-dev

2022-11-29 20:51:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b29d1aa9e776bef58cf639b10bdbe4d21a236d7c

commit b29d1aa9e776bef58cf639b10bdbe4d21a236d7c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-11-29 19:32:46 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-11-29 20:50:29 +0000

    dev-qt/qtwebengine: add 5.15.7_p20221122
    
    Snapshotted at:
    Branch: 5.15
    Commit: 5d89f26414471689a9626515d098104e38bacbda
    
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 20f20a41961ae1f63cf04a02f743cd2d9892a3b0
    
    Patched with security patches up to Chromium version: 98.0.4758.102
    
    Bug: https://bugs.gentoo.org/866332
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.7_p20221122.ebuild            | 282 +++++++++++++++++++++
 2 files changed, 283 insertions(+)

Comment 4 Andreas Sturmlechner gentoo-dev

2022-11-29 21:24:04 UTC

[Backport] Security bug 137891687-based
Fixup the patch for CVE-2022-3200 on 87-based / 5.15
[Backport] CVE-2022-3200: Heap buffer overflow in Internals
[Backport] CVE-2022-3887: Use after free in Web Workers
[Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
[Backport] CVE-2022-3889: Type Confusion in V8
[Backport] CVE-2022-3885: Use after free in V8
[Backport] CVE-2022-3445: Use after free in Skia.
[Backport] CVE-2022-3373: Out of bounds write in V8
Fix building with XCode 14.1
[Backport] CVE-2022-3046: Use after free in Browser Tag
[Backport] CVE-2022-3446 and CVE-2022-35737
[Backport] CVE-2022-3304: Use after free in CSS
[Backport] CVE-2022-3201: Insufficient validation of untrusted input in Devel...
[Backport] Security bug 1356308
[Backport] CVE-2022-3370: Use after free in Custom Elements
[Backport] Security bugs 1346938 and 1338114
[Backport] CVE-2022-3199: Use after free in Frames.
[Backport] CVE-2022-3198: Use after free in PDF
[Backport] CVE-2022-3197: Use after free in PDF
[Backport] CVE-2022-3196: Use after free in PDF
[Backport] CVE-2022-3075: Insufficient data validation in Mojo
[Backport] CVE-2022-3040: Use after free in Layout
[Backport] CVE-2022-3041: Use after free in WebSQL
[Backport] CVE-2022-3038: Use after free in Network Service

Comment 5 Larry the Git Cow gentoo-dev

2022-12-06 17:07:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acd584359ad952899442a4d7a0187df45e33fc7c

commit acd584359ad952899442a4d7a0187df45e33fc7c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-12-05 20:09:19 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-12-06 17:05:58 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.5_p20220618
    
    Bug: https://bugs.gentoo.org/866332
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.5_p20220618.ebuild            | 283 ---------------------
 2 files changed, 284 deletions(-)

Comment 6 Larry the Git Cow gentoo-dev

2023-11-25 09:51:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dd9cd4b6340b04f214138bcc4ca322bc52441f35

commit dd9cd4b6340b04f214138bcc4ca322bc52441f35
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:50:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:51:04 +0000

    [ GLSA 202311-11 ] QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866332
    Bug: https://bugs.gentoo.org/888181
    Bug: https://bugs.gentoo.org/903544
    Bug: https://bugs.gentoo.org/904290
    Bug: https://bugs.gentoo.org/906857
    Bug: https://bugs.gentoo.org/909778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 163 insertions(+)