Re: [blfs-book] [BLFS Trac] #14026: qt-everywhere-src-5.15.1

BLFS Trac via blfs-book Thu, 10 Sep 2020 13:41:19 -0700

#14026: qt-everywhere-src-5.15.1
-------------------------+-----------------------
 Reporter:  bdubbs       |       Owner:  bdubbs
     Type:  enhancement  |      Status:  assigned
 Priority:  highest      |   Milestone:  10.1
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by renodr):


 * priority:  normal => highest


Comment:

 '''qtbase'''


 == BEHAVIOR CHANGES ==

 {{{

 ****************************************************************************
 *                        Important Behavior Changes
 *
 ****************************************************************************

  - QSharedPointer objects will now call custom deleters even when the
    pointer being tracked was null. This behavior is the same as
    std::shared_ptr.
  - Restored pre-5.15.0 behavior when converting from QVariant* to QJson*
    types. Unforeseen consequences of changes in 5.15.0 caused QByteArray
    data to be base64url-encoded; the handling of QRegularExpression was
    also unintentionally changed. These conversions are now reverted to the
    prior behavior. Additionally fixed QJsonValue::fromVariant conversions
    for NaN and infinities: they should always convert to QJsonValue::Null.
 }}}


 == SECURITY ISSUES ==

 {{{
  - QImage:
    * Fixed buffer overflow in XBM parser.
    * [oss-fuzz-23988] Fixed buffer overflow in XPM parser.
  - QXmlStreamReader:
    * [oss-fuzz-24347] Reduced memory consumption when handling huge input
 data.
 }}}

 '''qtquickcontrols2'''

 {{{
  - [QTBUG-84381] StackView: fixed heap-use-after-free when pushing after
 clear.
 }}}

 '''QtSvg'''

 {{{
 ****************************************************************************
 *                               QSvgRenderer
 *
 ****************************************************************************

  - [oss-fuzz 23643][oss-fuzz-24028] Fixed endless recursions with
    self-referencing nodes.

  - [oss-fuzz-24146] Fixed endless recursion when inflating gzipped svg.

  - [ozz-fuzz 23606][oss-fuzz-24131] Avoid integer overflows.

  - Fixed various divisions by zero.
 }}}

 '''QtWebEngine'''

 {{{
 Chromium
 --------

  - Security fixes from Chrome up to version 85.0.4183.83, including:

     * CVE-2020-6467
     * CVE-2020-6468
     * CVE-2020-6470
     * CVE-2020-6471
     * CVE-2020-6472
     * CVE-2020-6473
     * CVE-2020-6474
     * CVE-2020-6475
     * CVE-2020-6476
     * CVE-2020-6480
     * CVE-2020-6481
     * CVE-2020-6482
     * CVE-2020-6483
     * CVE-2020-6486
     * CVE-2020-6487
     * CVE-2020-6489
     * CVE-2020-6490
     * CVE-2020-6493: Use after free in WebAuthentication
     * CVE-2020-6506: Insufficient policy enforcement in WebView
     * CVE-2020-6510: Heap buffer overflow in background fetch
     * CVE-2020-6511: Side-channel information leakage in CSP
     * CVE-2020-6512: Type Confusion in V8
     * CVE-2020-6513: Heap buffer overflow in PDFium
     * CVE-2020-6514: Inappropriate implementation in WebRTC
     * CVE-2020-6518: Use after free in developer tools
     * CVE-2020-6523: Out of bounds write in Skia
     * CVE-2020-6524: Heap buffer overflow in WebAudio
     * CVE-2020-6526: Inappropriate implementation in iframe sandbox
     * CVE-2020-6529: Inappropriate implementation in WebRTC
     * CVE-2020-6530: Out of bounds memory access in  developer tools
     * CVE-2020-6531: Side-channel information leakage in scroll to text
     * CVE-2020-6532: Use after free in SCTP
     * CVE-2020-6533: Type Confusion in V8.
     * CVE-2020-6534: Heap buffer overflow in WebRTC
     * CVE-2020-6535: Insufficient data validation in WebUI
     * CVE-2020-6540: Heap buffer overflow in Skia
     * CVE-2020-6541: Use after free in WebUSB
     * CVE-2020-6542: Use after free in ANGLE
     * CVE-2020-6543: Use after free in task scheduling
     * CVE-2020-6544: Use after free in media
     * CVE-2020-6545: Use after free in audio
     * CVE-2020-6548: Heap buffer overflow in Skia
     * CVE-2020-6549: Use after free in media
     * CVE-2020-6550: Use after free in IndexedDB
     * CVE-2020-6551: Use after free in WebXR
     * CVE-2020-6555: Out of bounds read in WebGL
     * CVE-2020-6559: Use after free in presentation API
     * Security bug 1025302
     * Security bug 1029569
     * Security Bug 1048619
     * Security Bug 1051439
     * Security bug 1052492
     * Security bug 1054229
     * Security Bug 1056161
     * Security Bug 1057369
     * Security Bug 1058515
     * Security Bug 1061933
     * Security bug 1065122
     * Security bug 1065731
     * Security Bug 1070012
     * Security bug 1075907
     * Security bug 1087158
     * Security bug 1087629
     * Security bug 1090543
     * Security bug 1098860
     * Security bug 1102137
     * Security bug 1102408
     * Security bug 1108639
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14026#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #14026: qt-everywhere-src-5.15.1

Reply via email to