FS#61947 - [qt5-webengine] CVE-2019-5786: RCE in Chromium
Attached to Project:
Arch Linux
Opened by Florian Bruhin (The-Compiler) - Friday, 08 March 2019, 06:28 GMT
Last edited by Antonio Rojas (arojas) - Friday, 08 March 2019, 09:22 GMT
Opened by Florian Bruhin (The-Compiler) - Friday, 08 March 2019, 06:28 GMT
Last edited by Antonio Rojas (arojas) - Friday, 08 March 2019, 09:22 GMT
|
Details
Chromium recently fixed an RCE zero-day which is actively
being exploited in the wild:
https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
QtWebEngine fixed it for Qt 5.12.2 here: https://codereview.qt-project.org/#/c/255162/ - given how serious the issue is, it probably makes sense to add it to the package (it applies cleanly to .1). I attached a patch to the PKGBUILD. |
This task depends upon
Closed by Antonio Rojas (arojas)
Friday, 08 March 2019, 09:22 GMT
Reason for closing: Fixed
Additional comments about closing: qt5-webengine 5.12.1-3
Friday, 08 March 2019, 09:22 GMT
Reason for closing: Fixed
Additional comments about closing: qt5-webengine 5.12.1-3