openSUSE-SU-2022:10049-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10049-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10049-1
Related
Published
2022-07-10T16:01:15Z
Modified
2022-07-10T16:01:15Z
Summary
Security update for libqt5-qtwebengine
Details

This update for libqt5-qtwebengine fixes the following issues:

Update to version 5.15.10:

  • Fix top level build with no widget
  • Fix read-after-free on EGL extensions
  • Update Chromium
  • Add workaround for unstable gn on macOS in ci
  • Pass archiver to gn build
  • Fix navigation to non-local URLs
  • Add support for universal builds for qtwebengine and qtpdf
  • Enable Apple Silicon support
  • Fix cross compilation x86_64->arm64 on mac
  • Bump version to 5.15.10
  • CustomDialogs: Make custom input fields readable in dark mode
  • CookieBrowser: Make alternating rows readable in dark mode

  • Update Chromium:

    • Bump V8PATCHLEVEL
    • Fix clang set-but-unused-variable warning
    • Fix mac toolchain python linker script call
    • Fix missing dependency for gpu sources
    • Fix python calls
    • Fix undefined symbol for universal link
    • Quick fix for regression in service workers by reverting backports
    • [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
    • [Backport] CVE-2022-1125
    • [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
    • [Backport] CVE-2022-1305: Use after free in storage
    • [Backport] CVE-2022-1310: Use after free in regular expressions
    • [Backport] CVE-2022-1314: Type Confusion in V8
    • [Backport] CVE-2022-1493: Use after free in Dev Tools
    • [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
    • [Backport] Security Bug 1296876
    • [Backport] Security bug 1269999
    • [Backport] Security bug 1280852
    • [Backport] Security bug 1292905
    • [Backport] Security bug 1304659
    • [Backport] Security bug 1306507
References

Affected packages

SUSE:Package Hub 15 SP4 / libqt5-qtwebengine

Package

Name
libqt5-qtwebengine
Purl
pkg:rpm/suse/libqt5-qtwebengine&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.10-bp154.2.3.2

Ecosystem specific

{
    "binaries": [
        {
            "libQt5PdfWidgets5": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-imports": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-devel": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-examples": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-private-headers-devel": "5.15.10-bp154.2.3.2",
            "libQt5Pdf5": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-devel": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-examples": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-private-headers-devel": "5.15.10-bp154.2.3.2"
        }
    ]
}

openSUSE:Leap 15.4 / libqt5-qtwebengine

Package

Name
libqt5-qtwebengine
Purl
pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.10-bp154.2.3.2

Ecosystem specific

{
    "binaries": [
        {
            "libQt5PdfWidgets5": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-imports": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-devel": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-examples": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-private-headers-devel": "5.15.10-bp154.2.3.2",
            "libQt5Pdf5": "5.15.10-bp154.2.3.2",
            "libqt5-qtpdf-devel": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-examples": "5.15.10-bp154.2.3.2",
            "libqt5-qtwebengine-private-headers-devel": "5.15.10-bp154.2.3.2"
        }
    ]
}