AVG-339

Package qt5-webengine
Status Fixed
Severity Critical
Type multiple issues
Affected 5.9.0-2
Fixed 5.9.1-1
Current 5.10.1-1 [extra]
Ticket None
Created Tue Jul 4 08:31:31 2017
Issue Severity Remote Type Description
CVE-2017-5089 Medium Yes Content spoofing
A domain spoofing vulnerability has been found in the Omnibox component of the Chromium browser < 59.0.3071.104.
CVE-2017-5088 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in the V8 component of the Chromium browser < 59.0.3071.104.
CVE-2017-5083 Low Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5079 Medium Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5078 High Yes Arbitrary command execution
A possible command injection flaw has been found in the mailto handling component of the Chromium browser.
CVE-2017-5077 High Yes Arbitrary code execution
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
CVE-2017-5076 Medium Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5075 Medium Yes Information disclosure
An information leak flaw has been found in the CSP reporting component of the Chromium browser.
CVE-2017-5071 High Yes Information disclosure
An out of bounds read flaw has been found in the V8 component of the Chromium browser.
CVE-2017-5070 Critical Yes Arbitrary code execution
A type confusion flaw has been found in the V8 component of the Chromium browser.
Date Advisory Package Description
04 Jul 2017 ASA-201707-4 qt5-webengine multiple issues
References
https://github.com/qt/qtwebengine/blob/5.9.1/dist/changes-5.9.1