From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Date: Thu, 23 Jan 2025 07:22:24 -0000
Subject: [gentoo-announce] [ GLSA 202501-09 ] QtWebEngine: Multiple Vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: QtWebEngine: Multiple Vulnerabilities
     Date: January 23, 2025
     Bugs: #944807
       ID: 202501-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in QtWebEngine, the worst
of which could lead to arbitrary code execution.

Background
==========

QtWebEngine is a library for rendering dynamic web content in Qt5 and
Qt6 C++ and QML applications.

Affected packages
=================

Package             Vulnerable           Unaffected
------------------  -------------------  --------------------
dev-qt/qtwebengine  < 5.15.16_p20241115  >= 5.15.16_p20241115

Description
===========

Multiple vulnerabilities have been discovered in QtWebEngine. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QtWebEngine users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.16_p20241115"

References
==========

[ 1 ] CVE-2024-4058
      https://nvd.nist.gov/vuln/detail/CVE-2024-4058
[ 2 ] CVE-2024-4059
      https://nvd.nist.gov/vuln/detail/CVE-2024-4059
[ 3 ] CVE-2024-4060
      https://nvd.nist.gov/vuln/detail/CVE-2024-4060
[ 4 ] CVE-2024-4558
      https://nvd.nist.gov/vuln/detail/CVE-2024-4558
[ 5 ] CVE-2024-4559
      https://nvd.nist.gov/vuln/detail/CVE-2024-4559
[ 6 ] CVE-2024-4761
      https://nvd.nist.gov/vuln/detail/CVE-2024-4761
[ 7 ] CVE-2024-5157
      https://nvd.nist.gov/vuln/detail/CVE-2024-5157
[ 8 ] CVE-2024-5158
      https://nvd.nist.gov/vuln/detail/CVE-2024-5158
[ 9 ] CVE-2024-5159
      https://nvd.nist.gov/vuln/detail/CVE-2024-5159
[ 10 ] CVE-2024-5160
      https://nvd.nist.gov/vuln/detail/CVE-2024-5160
[ 11 ] CVE-2024-5830
      https://nvd.nist.gov/vuln/detail/CVE-2024-5830
[ 12 ] CVE-2024-5831
      https://nvd.nist.gov/vuln/detail/CVE-2024-5831
[ 13 ] CVE-2024-5832
      https://nvd.nist.gov/vuln/detail/CVE-2024-5832
[ 14 ] CVE-2024-5833
      https://nvd.nist.gov/vuln/detail/CVE-2024-5833
[ 15 ] CVE-2024-5834
      https://nvd.nist.gov/vuln/detail/CVE-2024-5834
[ 16 ] CVE-2024-5835
      https://nvd.nist.gov/vuln/detail/CVE-2024-5835
[ 17 ] CVE-2024-5836
      https://nvd.nist.gov/vuln/detail/CVE-2024-5836
[ 18 ] CVE-2024-5837
      https://nvd.nist.gov/vuln/detail/CVE-2024-5837
[ 19 ] CVE-2024-5838
      https://nvd.nist.gov/vuln/detail/CVE-2024-5838
[ 20 ] CVE-2024-5839
      https://nvd.nist.gov/vuln/detail/CVE-2024-5839
[ 21 ] CVE-2024-5840
      https://nvd.nist.gov/vuln/detail/CVE-2024-5840
[ 22 ] CVE-2024-5841
      https://nvd.nist.gov/vuln/detail/CVE-2024-5841
[ 23 ] CVE-2024-5842
      https://nvd.nist.gov/vuln/detail/CVE-2024-5842
[ 24 ] CVE-2024-5843
      https://nvd.nist.gov/vuln/detail/CVE-2024-5843
[ 25 ] CVE-2024-5844
      https://nvd.nist.gov/vuln/detail/CVE-2024-5844
[ 26 ] CVE-2024-5845
      https://nvd.nist.gov/vuln/detail/CVE-2024-5845
[ 27 ] CVE-2024-5846
      https://nvd.nist.gov/vuln/detail/CVE-2024-5846
[ 28 ] CVE-2024-5847
      https://nvd.nist.gov/vuln/detail/CVE-2024-5847
[ 29 ] CVE-2024-6290
      https://nvd.nist.gov/vuln/detail/CVE-2024-6290
[ 30 ] CVE-2024-6291
      https://nvd.nist.gov/vuln/detail/CVE-2024-6291
[ 31 ] CVE-2024-6292
      https://nvd.nist.gov/vuln/detail/CVE-2024-6292
[ 32 ] CVE-2024-6293
      https://nvd.nist.gov/vuln/detail/CVE-2024-6293
[ 33 ] CVE-2024-6988
      https://nvd.nist.gov/vuln/detail/CVE-2024-6988
[ 34 ] CVE-2024-6989
      https://nvd.nist.gov/vuln/detail/CVE-2024-6989
[ 35 ] CVE-2024-6991
      https://nvd.nist.gov/vuln/detail/CVE-2024-6991
[ 36 ] CVE-2024-6994
      https://nvd.nist.gov/vuln/detail/CVE-2024-6994
[ 37 ] CVE-2024-6995
      https://nvd.nist.gov/vuln/detail/CVE-2024-6995
[ 38 ] CVE-2024-6996
      https://nvd.nist.gov/vuln/detail/CVE-2024-6996
[ 39 ] CVE-2024-6997
      https://nvd.nist.gov/vuln/detail/CVE-2024-6997
[ 40 ] CVE-2024-6998
      https://nvd.nist.gov/vuln/detail/CVE-2024-6998
[ 41 ] CVE-2024-6999
      https://nvd.nist.gov/vuln/detail/CVE-2024-6999
[ 42 ] CVE-2024-7000
      https://nvd.nist.gov/vuln/detail/CVE-2024-7000
[ 43 ] CVE-2024-7001
      https://nvd.nist.gov/vuln/detail/CVE-2024-7001
[ 44 ] CVE-2024-7003
      https://nvd.nist.gov/vuln/detail/CVE-2024-7003
[ 45 ] CVE-2024-7004
      https://nvd.nist.gov/vuln/detail/CVE-2024-7004
[ 46 ] CVE-2024-7005
      https://nvd.nist.gov/vuln/detail/CVE-2024-7005
[ 47 ] CVE-2024-7532
      https://nvd.nist.gov/vuln/detail/CVE-2024-7532
[ 48 ] CVE-2024-7533
      https://nvd.nist.gov/vuln/detail/CVE-2024-7533
[ 49 ] CVE-2024-7534
      https://nvd.nist.gov/vuln/detail/CVE-2024-7534
[ 50 ] CVE-2024-7535
      https://nvd.nist.gov/vuln/detail/CVE-2024-7535
[ 51 ] CVE-2024-7536
      https://nvd.nist.gov/vuln/detail/CVE-2024-7536
[ 52 ] CVE-2024-7550
      https://nvd.nist.gov/vuln/detail/CVE-2024-7550
[ 53 ] CVE-2024-7964
      https://nvd.nist.gov/vuln/detail/CVE-2024-7964
[ 54 ] CVE-2024-7965
      https://nvd.nist.gov/vuln/detail/CVE-2024-7965
[ 55 ] CVE-2024-7966
      https://nvd.nist.gov/vuln/detail/CVE-2024-7966
[ 56 ] CVE-2024-7967
      https://nvd.nist.gov/vuln/detail/CVE-2024-7967
[ 57 ] CVE-2024-7968
      https://nvd.nist.gov/vuln/detail/CVE-2024-7968
[ 58 ] CVE-2024-7969
      https://nvd.nist.gov/vuln/detail/CVE-2024-7969
[ 59 ] CVE-2024-7971
      https://nvd.nist.gov/vuln/detail/CVE-2024-7971
[ 60 ] CVE-2024-7972
      https://nvd.nist.gov/vuln/detail/CVE-2024-7972
[ 61 ] CVE-2024-7973
      https://nvd.nist.gov/vuln/detail/CVE-2024-7973
[ 62 ] CVE-2024-7974
      https://nvd.nist.gov/vuln/detail/CVE-2024-7974
[ 63 ] CVE-2024-7975
      https://nvd.nist.gov/vuln/detail/CVE-2024-7975
[ 64 ] CVE-2024-7976
      https://nvd.nist.gov/vuln/detail/CVE-2024-7976
[ 65 ] CVE-2024-7977
      https://nvd.nist.gov/vuln/detail/CVE-2024-7977
[ 66 ] CVE-2024-7978
      https://nvd.nist.gov/vuln/detail/CVE-2024-7978
[ 67 ] CVE-2024-7979
      https://nvd.nist.gov/vuln/detail/CVE-2024-7979
[ 68 ] CVE-2024-7980
      https://nvd.nist.gov/vuln/detail/CVE-2024-7980
[ 69 ] CVE-2024-7981
      https://nvd.nist.gov/vuln/detail/CVE-2024-7981
[ 70 ] CVE-2024-8033
      https://nvd.nist.gov/vuln/detail/CVE-2024-8033
[ 71 ] CVE-2024-8034
      https://nvd.nist.gov/vuln/detail/CVE-2024-8034
[ 72 ] CVE-2024-8035
      https://nvd.nist.gov/vuln/detail/CVE-2024-8035
[ 73 ] CVE-2024-8193
      https://nvd.nist.gov/vuln/detail/CVE-2024-8193
[ 74 ] CVE-2024-8194
      https://nvd.nist.gov/vuln/detail/CVE-2024-8194
[ 75 ] CVE-2024-8198
      https://nvd.nist.gov/vuln/detail/CVE-2024-8198
[ 76 ] CVE-2024-8636
      https://nvd.nist.gov/vuln/detail/CVE-2024-8636
[ 77 ] CVE-2024-8637
      https://nvd.nist.gov/vuln/detail/CVE-2024-8637
[ 78 ] CVE-2024-8638
      https://nvd.nist.gov/vuln/detail/CVE-2024-8638
[ 79 ] CVE-2024-8639
      https://nvd.nist.gov/vuln/detail/CVE-2024-8639
[ 80 ] CVE-2024-9120
      https://nvd.nist.gov/vuln/detail/CVE-2024-9120
[ 81 ] CVE-2024-9121
      https://nvd.nist.gov/vuln/detail/CVE-2024-9121
[ 82 ] CVE-2024-9122
      https://nvd.nist.gov/vuln/detail/CVE-2024-9122
[ 83 ] CVE-2024-9123
      https://nvd.nist.gov/vuln/detail/CVE-2024-9123
[ 84 ] CVE-2024-9602
      https://nvd.nist.gov/vuln/detail/CVE-2024-9602
[ 85 ] CVE-2024-9603
      https://nvd.nist.gov/vuln/detail/CVE-2024-9603
[ 86 ] CVE-2024-10229
      https://nvd.nist.gov/vuln/detail/CVE-2024-10229
[ 87 ] CVE-2024-10230
      https://nvd.nist.gov/vuln/detail/CVE-2024-10230
[ 88 ] CVE-2024-10231
      https://nvd.nist.gov/vuln/detail/CVE-2024-10231
[ 89 ] CVE-2024-10826
      https://nvd.nist.gov/vuln/detail/CVE-2024-10826
[ 90 ] CVE-2024-10827
      https://nvd.nist.gov/vuln/detail/CVE-2024-10827
[ 91 ] CVE-2024-45490
      https://nvd.nist.gov/vuln/detail/CVE-2024-45490
[ 92 ] CVE-2024-45491
      https://nvd.nist.gov/vuln/detail/CVE-2024-45491
[ 93 ] CVE-2024-45492
      https://nvd.nist.gov/vuln/detail/CVE-2024-45492

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202501-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
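
The range in the "Affected packages" table, applied to a package inventory. This is an added example, not part of the Gentoo advisory or of Portage; it orders version strings with a simplified form of Gentoo's version rules (numeric components, one optional letter, `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffixes, `-rN` revisions), and the host names and installed versions are constructed.

```python
import re

# Suffix ranks per Gentoo's Package Manager Specification: a version with no
# suffix sorts after _rc but before _p (patch level).
SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$"
)
# Boundary copied from the advisory's "Affected packages" table.
FIRST_UNAFFECTED = "5.15.16_p20241115"

def version_key(version):
    """Return a tuple whose ordering matches Gentoo version ordering."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"not a Gentoo version: {version!r}")
    numbers, letter, suffixes, revision = m.groups()
    parts = numbers.split(".")
    # Components with leading zeros follow a different rule; rejected here.
    if any(len(p) > 1 and p.startswith("0") for p in parts[1:]):
        raise ValueError(f"leading-zero component unsupported: {version!r}")
    ranked = [
        (SUFFIX_RANK[name], int(num or 0))
        for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes)
    ]
    ranked.append((SUFFIX_RANK[""], 0))  # sentinel: "no further suffix"
    return (tuple(int(p) for p in parts), letter, tuple(ranked), int(revision or 0))

def is_vulnerable(installed):
    """True when `installed` sorts below the first unaffected version."""
    return version_key(installed) < version_key(FIRST_UNAFFECTED)

def triage(inventory):
    """Given host -> installed version, return sorted hosts needing the upgrade."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))

# Constructed inventory (hypothetical hosts and versions, not from the advisory).
SAMPLE_INVENTORY = {
    "build01": "5.15.14_p20240510",
    "desk02": "5.15.16",               # no _p suffix: older than the fixed snapshot
    "desk03": "5.15.16_p20241115",
    "kiosk04": "5.15.16_p20241115-r1",
    "lab05": "5.15.16_rc1",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

On a Gentoo host itself, `glsa-check -t 202501-09` from app-portage/gentoolkit tests the installed packages against this advisory directly.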