Red Hat Bugzilla – Bug 1466689
QtWebEngine: multiple security vulnerabilities fixed in 5.9.0
Last modified: 2017-07-06 18:49:51 EDT
QtWebEngine 5.9.0 fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.
Since this package ships on the KDE (Plasma) and LXQt spins, I am hereby requesting a freeze exception for qt5-qtwebengine-5.9.0-4.fc26. The web browser QupZilla using QtWebEngine is the default browser on the LXQt spin and also shipped on the KDE (Plasma) spin. The KDE (Plasma) spin also ships KMail as the default mail application, which uses QtWebEngine to render HTML mail.
qt5-qtwebengine-5.9.0-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e83c26a8c9
Definitely +1 FE. Are any of those "'important' or higher impact according to the Red Hat severity classification scale"? If so, this should be a blocker.
That's at least enough votes for an FE, accepting.
Confirming that qt5-qtwebengine-5.9.0-4.fc26.x86_64 is on the KDE Live spin in RC 1.3.
qt5-qtwebengine-5.9.0-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.