Bug 1466689 - QtWebEngine: multiple security vulnerabilities fixed in 5.9.0
QtWebEngine: multiple security vulnerabilities fixed in 5.9.0
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: qt5-qtwebengine (Show other bugs)
26
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Kevin Kofler
Fedora Extras Quality Assurance
AcceptedFreezeException
:
Depends On:
Blocks: F26FinalFreezeException
  Show dependency treegraph
 
Reported: 2017-06-30 05:07 EDT by Kevin Kofler
Modified: 2017-07-06 18:49 EDT (History)
6 users (show)

See Also:
Fixed In Version: qt5-qtwebengine-5.9.0-4.fc26
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-06 18:49:51 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Kofler 2017-06-30 05:07:19 EDT
QtWebEngine 5.9.0 fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.

Since this package ships on the KDE (Plasma) and LXQt spins, I am hereby requesting a freeze exception for 
qt5-qtwebengine-5.9.0-4.fc26. The web browser QupZilla using QtWebEngine is the default browser on the LXQt spin and also shipped on the KDE (Plasma) spin. The KDE (Plasma) spin also ships KMail as the default mail application, which uses QtWebEngine to render HTML mail.
Comment 1 Fedora Update System 2017-06-30 05:08:23 EDT
qt5-qtwebengine-5.9.0-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e83c26a8c9
Comment 2 Adam Williamson 2017-06-30 15:13:45 EDT
Definitely +1 FE. Are any of those "'important' or higher impact according to the Red Hat severity classification scale"? If so, this should be a blocker.
Comment 3 Kevin Fenzi 2017-06-30 15:22:24 EDT
+1 FE
Comment 4 Dennis Gilmore 2017-06-30 16:56:24 EDT
+1 FE
Comment 5 Mohan Boddu 2017-06-30 16:57:30 EDT
+1 FE
Comment 6 Adam Williamson 2017-06-30 16:58:00 EDT
That's at least enough votes for an FE, accepting.
Comment 7 Matthew Miller 2017-07-02 12:28:20 EDT
Confirming that qt5-qtwebengine-5.9.0-4.fc26.x86_64 is on the KDE Live spin in RC 1.3.
Comment 8 Fedora Update System 2017-07-06 18:49:51 EDT
qt5-qtwebengine-5.9.0-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.