AVG-162

Package qt5-webengine
Status Fixed
Severity High
Type multiple issues
Affected 5.7.1-1
Fixed 5.8.0-1
Current 5.11.1-1 [testing]
5.11.0-3 [extra]
Ticket None
Created Thu Feb 2 09:16:06 2017
Issue Severity Remote Type Description
CVE-2016-9651 High Yes Access restriction bypass
A private property access flaw was found in the V8 component of the Chromium browser.
CVE-2016-9650 Low Yes Information disclosure
A CSP referrer disclosure vulnerability has been discovered in the Chromium browser.
CVE-2016-5225 Low Yes Access restriction bypass
A CSP bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5224 Low Yes Same-origin policy bypass
A same-origin bypass flaw was found in the SVG component of the Chromium browser.
CVE-2016-5223 Low Yes Arbitrary code execution
An integer overflow flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5222 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5221 Medium Yes Arbitrary code execution
An integer overflow flaw was found in the ANGLE component of the Chromium browser.
CVE-2016-5219 Medium Yes Arbitrary code execution
An use after free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5218 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5217 Medium Yes Insufficient validation
An use of unvalidated data flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5216 Medium Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5215 Medium Yes Arbitrary code execution
An use after free flaw was found in the Webaudio component of the Chromium browser.
CVE-2016-5214 Medium Yes Insufficient validation
A file download protection bypass was discovered in the Chromium browser.
CVE-2016-5213 High Yes Arbitrary code execution
An use after free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5212 High No Arbitrary filesystem access
A local file disclosure flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5211 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5210 High Yes Arbitrary code execution
An out of bounds write flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5208 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5207 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5206 High Yes Same-origin policy bypass
A same-origin bypass flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5205 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5204 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5203 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5201 Medium Yes Information disclosure
An information disclosure flaw was found in the extensions component of the Chromium browser before 54.0.2840.100.
CVE-2016-5199 High Yes Arbitrary code execution
FFMPEG MP4 decoder contains an off-by-one error resulting in an allocation of size 0, followed by corrupting an arbitrary number of pointers out of bounds...
CVE-2016-5189 Medium Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5183 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5182 High Yes Arbitrary code execution
A heap overflow flaw was found in the Blink component of the Chromium browser.
Date Advisory Package Description
02 Feb 2017 ASA-201702-2 qt5-webengine multiple issues
References
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0