Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#61947 - [qt5-webengine] CVE-2019-5786: RCE in Chromium
Attached to Project:
Arch Linux
Opened by Florian Bruhin (The-Compiler) - Friday, 08 March 2019, 06:28 GMT
Last edited by Antonio Rojas (arojas) - Friday, 08 March 2019, 09:22 GMT
Details:
Chromium recently fixed an RCE zero-day which is actively being exploited in the wild: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
QtWebEngine fixed it for Qt 5.12.2 here: https://codereview.qt-project.org/#/c/255162/ - given how serious the issue is, it probably makes sense to add it to the package (it applies cleanly to .1). I attached a patch to the PKGBUILD.
Closed by Antonio Rojas (arojas)
Friday, 08 March 2019, 09:22 GMT
Reason for closing: Fixed
Additional comments about closing: qt5-webengine 5.12.1-3
0001-Add-fix-for-CVE-2019-578...