Author: ken
Date: Thu Mar 18 22:00:17 2021
New Revision: 1745

Log:
Update the Security Advisory for qtwebengine.

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Wed Mar 17 09:37:14 2021        
(r1744)
+++ html/trunk/blfs/advisories/10.1.html        Thu Mar 18 22:00:17 2021        
(r1745)
@@ -89,11 +89,12 @@
     <h3>QtWebEngine</h3>
 
     <a id="10.1-002">
-    <h4>10.1 002 QtWebEngine  Date: 2020-11-20  Severity: High</h4>
-    <p>There are many CVEs in QtWebEngine-5.15.2, but the source for 5.15.3
-    is not packaged nicely and so far it has not been successfully built for
-    BLFS-10.1. In the meantime, the workaround is to avoid using QtWebEngine,
-    and browsers which use it, such as Falkon, on untrusted pages.
+    <h4>10.1 002 QtWebEngine  UpDated: 2021-03-19  Severity: High</h4>
+    <p>Many CVEs in QtWebEngine-5.15.2 have been fixed in version 5.15.3,
+    but the release tarball and the rest of 5.15.3 is not yet available
+    to non-commercial customers. Update to qtwebengine-5.15.3 (using a
+    tarball taken from git, with instructions to install it as 5.15.2
+    to match the installed Qt5 version).
     <a href="consolidated.html#10.1-002">10.1-002</a></p>
 
 <!-- end of QtWebEngine -->
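Review bot: The new paragraph tells readers to install 5.15.3 "as 5.15.2 to match the installed Qt5 version", so after the update a version check will presumably still report 5.15.2 and no longer distinguish a fixed system from a vulnerable one. The entry should say how a reader confirms they have the patched build, or at least point to the book page carrying the instructions, as the consolidated.html entry does. Also, the heading spells the label "UpDated:" while the same entry in consolidated.html uses "Updated:", and the <a id="10.1-002"> anchor in the context lines is still never closed.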

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Wed Mar 17 09:37:14 
2021        (r1744)
+++ html/trunk/blfs/advisories/consolidated.html        Thu Mar 18 22:00:17 
2021        (r1745)
@@ -151,16 +151,18 @@
     <a href="../view/systemd/pst/mupdf.html">MuPDF (systemd)</a>.</p>
 
     <a id="10.1-002">
-    <h4>10.1 002 QtWebEngine  Date: 2021-03-10  Severity: High</h4>
-    <p>In QtWebEngine before 5.15.3 there were many vulnerabilities originating
-    in Chromium. Unfortunately, Qt-5.15.3 is currently only available to 
commercial
-    customers. Although the git source for QtWebEngine and its submodules 
remains
-    available, packaging that to a state where it can build on BLFS-10.1 has 
not been
-    achieved. Until that happens, QtWebEngine and browsers using it (in the 
book,
-    Falkon but there are others) should not be used on any untrusted pages. 
For the
-    more than 20 CVE vulnerabilites see
-    <a href="http://wiki.linuxfromscratch.org/blfs/ticket/14729"/>BLFS 
#14729</a>.</p>
-    <!-- if we are able to get it to build, update this and add the usual 
links -->
+    <h4>10.1 002 QtWebEngine  Updated: 2021-03-19  Severity: High</h4>
+    <p>Many CVEs in QtWebEngine-5.15.2 have been fixed in version 5.15.3,
+    but the release tarball and the rest of 5.15.3 is not yet available
+    to non-commercial customers. Before they decided to not produce a file
+    of changes, the details were recorded at <a
+    
href="https://codereview.qt-project.org/c/qt/qtwebengine/+/335435/6/dist/changes-5.15.3";>A
 Qt code review</a>. For the most recent of those, see <a
+    
href="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html";>Upstream
 Chrome, dated 2021-02-16</a>.
+    To fix these, update to the BLFS 5.15.3 git tarball with instructions
+    for installing that as 5.15.2 to match Qt5 (or update to a later version)
+    using the instructions at
+    <a href="../view/svn/x/qtwebengine.html">QtWebEngine (sysv)</a>, or
+    <a href="../view/svn-systemd/x/qtwebengine.html">QtWebEngine 
(systemd)</a>.</p>
 
     <a id="10.1-001">
     <h4>10.1 001 OpenSSH Date: 2021-03-03 Severity: Medium</h4>
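Review bot: The rewritten entry drops the link to BLFS #14729, which the old text gave as the place to see "the more than 20 CVE vulnerabilites". The replacement links (patch set 6 of a Qt code review and a single Chrome release post "for the most recent of those") do not obviously give the reader the same CVE list, so consider keeping the ticket reference alongside them. In "Before they decided to not produce a file of changes", "they" has no antecedent and should name the Qt project, and "the release tarball and the rest of 5.15.3 is" should read "are".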
@@ -453,7 +455,7 @@
     have tested a way to restore them via a rescue stick or similar, it might 
be
     possible to build glibc-2.33 in place and then immediately make an unclean
     shutdown, e.g. using MagicSysRQ if that is enabled in your kernel. <b>Such 
a
-    procedure is not recommended, nor has it been tested.</b><i></p>
+    procedure is not recommended, nor has it been tested.</b></i></p>
 
     <a id="10.0-081">
     <h4>10.0 081 Firefox  UpDated: 2021-02-07  Severity: None</h4>
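Review bot: The fix closes the tags as </b></i>, which is only correctly nested if <i> opens before <b>. The <b> opens mid-sentence at "Such a" in the context lines, but the opening <i> is not visible in this hunk, so check the start of the paragraph before relying on this order. This markup fix in the glibc-2.33 paragraph is also unrelated to the qtwebengine change named in the log and would be easier to track with its own mention there.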