FS#61947 - [qt5-webengine] CVE-2019-5786: RCE in Chromium

Attached to Project: Arch Linux
Opened by Florian Bruhin (The-Compiler) - Friday, 08 March 2019, 06:28 GMT
Last edited by Antonio Rojas (arojas) - Friday, 08 March 2019, 09:22 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Antonio Rojas (arojas)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Chromium recently fixed an RCE zero-day which is actively being exploited in the wild: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/

QtWebEngine fixed it for Qt 5.12.2 here: https://codereview.qt-project.org/#/c/255162/ - given how serious the issue is, it probably makes sense to add it to the package (it applies cleanly to .1).

I attached a patch to the PKGBUILD.

Closed by Antonio Rojas (arojas)
Friday, 08 March 2019, 09:22 GMT
Reason for closing: Fixed
Additional comments about closing: qt5-webengine 5.12.1-3
