Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#79703 - [qt6-webengine] [security] (patch) CVE-2023-4863: libwebp: OOB write in BuildHuffmanTable
Attached to Project:
Arch Linux
Opened by Florian Bruhin (The-Compiler) - Friday, 15 September 2023, 18:27 GMT
Last edited by Antonio Rojas (arojas) - Friday, 15 September 2023, 19:12 GMT
Details
Earlier this week, Chrome released a fix for CVE-2023-4863:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Note: "Google is aware that an exploit for CVE-2023-4863 exists in the wild."
I'm assuming QtWebEngine is affected as well.
Backport for Qt 6.5 is here:
https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/503192
https://code.qt.io/cgit/qt/qtwebengine-chromium.git/patch/?id=31f287a0142b6b78698504b528d35c9506dcdb43
Closed by Antonio Rojas (arojas)
Friday, 15 September 2023, 19:12 GMT
Reason for closing: Not a bug
Additional comments about closing: Our package uses the system libwebp, not the vendored one.