Fedora Account System
Red Hat Associate
Red Hat Customer
qt5-qtwebengine is still stuck at version 5.15.12 tagged 2022-12-27, i.e., more than 13 months ago. Current is v5.15.16-lts tagged 2023-11-17. The shipped version is 4 releases out of date. Each release contains dozens of backported security fixes. In those 13 months, qt5-qtwebengine was rebuilt 4 times for a new qt5-qtbase, but whoever did those rebuilds did not bother upgrading QtWebEngine at the same time and decided to just rebuild the same old insecure code. This does not make sense. Also, I do not understand why there appears to be time for upgrading a dozen qt5-* packages to a new one-year-old code drop entirely irrelevant for security, but not for upgrading one single (the only) security-critical qt5-* package (qt5-qtwebengine) to the latest (not artificially delayed) LTS tag from git. This, too, just does not make sense to me. Reproducible: Always Steps to Reproduce: 1. rpm -q qt5-qtwebengine Actual Results: 5.15.12 Expected Results: 5.15.16 It would also be helpful if RPM Fusion maintainers were notified of impending Qt and/or QtWebEngine updates so that we do not only find out when users start complaining: https://bugzilla.rpmfusion.org/show_bug.cgi?id=6851
FEDORA-2024-bf2399e5e5 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-bf2399e5e5
FEDORA-2024-bf2399e5e5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-bf2399e5e5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-bf2399e5e5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-bf2399e5e5 (qt5-qtwebengine-5.15.16-1.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.