Skip to content

community/qt6-qtwebengine: chromium security upgrade

omni requested to merge omni/aports:secup-qt6-qtwebengine into master

https://invent.kde.org/qt/qt/qtwebengine-chromium/-/commits/118-based

not sure if I should also add

#   6.7.2-r0:
#     - CVE-2024-5493
#     - CVE-2024-5494
#     - CVE-2024-5495
#     - CVE-2024-5496
#     - CVE-2024-5499
#     - CVE-2024-5831
#     - CVE-2024-5832
#     - CVE-2024-5840
#     - CVE-2024-5841
#     - CVE-2024-5845
#     - CVE-2024-5846
#     - CVE-2024-5847
#     - CVE-2024-6290
#     - CVE-2024-6291
#     - CVE-2024-6292
#     - CVE-2024-6293

as that is what I find between CVE-2024-5274 and the qtwebengine-chromium commit that was used for the 6.7.2-r0 build https://invent.kde.org/qt/qt/qtwebengine-chromium/-/commit/a08edbbf641285af44119d3172584d24e39dd22c

It also looks like 112-based does not receive any fixes since CVE-2024-5274 late May and that makes we wonder if there is anything we can do for qt6-qtwebengine in 3.20-stable. If 118-based qtwebengine-chromium would work with 6.6.3 qt6-qtwebengine that would be great, because I don't think we can nor should upgrade to 6.7.x in 3.20-stable.

Merge request reports