[website] r1735 - html/trunk/blfs/advisories

[ken]

Author: ken
Date: Tue Mar  9 19:54:19 2021
New Revision: 1735

Log:
Initial advisory for QtWebEngine.

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Tue Mar  9 12:58:46 2021        
(r1734)
+++ html/trunk/blfs/advisories/10.1.html        Tue Mar  9 19:54:19 2021        
(r1735)
@@ -59,4 +59,16 @@
 
     <!-- end of OpenSSH -->
 
+    <h3>QtWebEngine</h3>
+
+    <a id="10.1-002">
+    <h4>10.1 002 QtWebEngine  Date: 2020-11-20  Severity: High</h4>
+    <p>There are many CVEs in QtWebEngine-5.15.2, but the source for 5.15.3
+    is not packaged nicely and so far it has not been successfully built for
+    BLFS-10.1. In the meantime, the workaround is to avoid using QtWebEngine,
+    and browsers which use it, such as Falkon, on untrusted pages.
+    <a href=consolidated.html#10.1-002>10.1-002</a></p>
+
+<!-- end of QtWebEngine -->
+
 <!--#include virtual="/common/footer.html" -->

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Tue Mar  9 12:58:46 
2021        (r1734)
+++ html/trunk/blfs/advisories/consolidated.html        Tue Mar  9 19:54:19 
2021        (r1735)
@@ -81,6 +81,18 @@
     releases of the books.</p>
     -->
 
+    <a id="10.1-002">
+    <h4>10.1 002 QtWebEngine  Date: 2021-03-10  Severity: High</h4>
+    <p>In QtWebEngine before 5.15.3 there were many vulnerabilities originating
+    in Chromium. Unfortunately, Qt-5.15.3 is currently only available to 
commercial
+    customers. Although the git source for QtWebEngine and its submodules 
remains
+    available, packaging that to a state where it can build on BLFS-10.1 has 
not been
+    achieved. Until that happens, QtWebEngine and browsers using it (in the 
book,
+    Falkon but there are others) should not be used on any untrusted pages. 
For the
+    more than 20 CVE vulnerabilites see
+    <a href="http://wiki.linuxfromscratch.org/blfs/ticket/14729"/>BLFS 
#14729</a>.</p>
+    <!-- if we are able to get it to build, update this and add the usual 
links -->
+
     <a id="10.1-001">
     <h4>10.0 001 OpenSSH Date: 2021-03-03 Severity: Medium</h4>
     <p>OpenSSH-8.2p1 through OpenSSH-8.4p1 included a security vulnerability
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page