From nobody Sat Nov 23 05:40:46 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XwLRL2X2Xz5dydF; Sat, 23 Nov 2024 05:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XwLRL1sctz4M3B; Sat, 23 Nov 2024 05:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732340446; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vkdwHmR/WMeDoRGyoMpN9jLpQ4CbwXOhBR/BDPsDUyk=; b=faZWR/E61ssxo0vehOadMty4igZsyc3PSCRakq+yUX+WBchEK9FTgGFFBNTchIBkhGEAoQ lbdBFWMpydi0mZ1SY8deNwZxNSu8/HeJZTvC9VCGb67RRcj0O2TWeABIubmjViZ2iHBJV0 fe/cxZJ74FOcI0CJZ6BWJc9wAJ0uKYxvenzUYQ0OppGVIsE23uzBM1PJBSOfbbNvZ/2iXn ZTYcXK6BLtCEQSlyjRsLKEG0p+svxAZJ2Z68eN3piGefoQkcjCm2ZDd4bemrt/5nh5l0Q4 9soDvLkoHQPaANRrnqHQ9HigIUOjV/3v1rnbuag8+xErmM7hz+b6xpv5KvD+nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732340446; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vkdwHmR/WMeDoRGyoMpN9jLpQ4CbwXOhBR/BDPsDUyk=; b=dvIKhQrgyV7lpmEu7+v8wMnBzQSqdy3Gj8+SodgJOp8YTB5nXP5r0jSKveyLSUH3EsmC0S 1wxGTyhFTo/JNGgbtGxxgFtYQ7L/yC3KWzaCsc9jtM1xBGPmZf0rZfWv2CeeTDW9ES7dsG nT45a7nKmvpfRijrtXrG78qC4GFD7TBXr2Z9OzDh28izh4aaONhHpjq2msFhVkAgrfDYMb XMNnFX+gB0DDWKqDKn71UxX7ebTJCnclEPDBfM+23NRNkJS7jysGUNvpMbxL69wguuTrJH AkToUsjqP5dTUNGDfSWzA9k0nra6VqAFntJWQuvF1gyVFrOKEt2qRb3zmjELsQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732340446; a=rsa-sha256; cv=none; b=yIwRJZQ2KjtQ6jnruqtaadt25wnyYRRRv27o0MK4AOv0uO2Kf5wF3NDWCELj8i568iq8fb +uMB4Wi2uRjLzlep9z+tjV1EDOO1imFw1ccoa8WPUrvsX2KCxW4F+XtRQIjBfFrYk+v9Ac t7YyQ98EnBQ1H+DZ18tAbj9jFCMkYDb0wVHBMQceIvN1QDbTqfe+Tlw997QrErWgBKXs+W EudIZeduhJPILbfFgswHFusNHIbmD0sqPf5KY2HC7SpubhM4R9MI39fpI4oPIJYf9rrVg0 Ax02Yl01ID0K7pIU3NEO8UUJwc2iINgTboQisxegKGwP5tMMYPO4Eq7Wq8wjlw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XwLRL1JHdzx6y; Sat, 23 Nov 2024 05:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4AN5ekDF011385; Sat, 23 Nov 2024 05:40:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4AN5ek6t011382; Sat, 23 Nov 2024 05:40:46 GMT (envelope-from git) Date: Sat, 23 Nov 2024 05:40:46 GMT Message-Id: <202411230540.4AN5ek6t011382@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: "Jason E. Hale" Subject: git: 9b26e39ed48e - main - security/vuxml: Add www/qt5-webengine < 5.15.18p5 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhale X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9b26e39ed48ec94485e92fd9ae7c28aa97c9be02 Auto-Submitted: auto-generated The branch main has been updated by jhale: URL: https://cgit.FreeBSD.org/ports/commit/?id=9b26e39ed48ec94485e92fd9ae7c28aa97c9be02 commit 9b26e39ed48ec94485e92fd9ae7c28aa97c9be02 Author: Jason E. Hale AuthorDate: 2024-11-22 08:40:41 +0000 Commit: Jason E. Hale CommitDate: 2024-11-23 05:40:00 +0000 security/vuxml: Add www/qt5-webengine < 5.15.18p5 --- security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 602c7b70f048..ff4c0af53f12 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,32 @@ + + qt5-webengine -- Use after free in Serial + + + qt5-webengine + 5.15.18p5 + + + + +

Qt qtwebengine-chromium repo reports:

+
+

Backports for 1 security bug in Chromium:

+
    +
  • CVE-2024-10827: Use after free in Serial
    • +
+
+ + + + CVE-2024-10827 + https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based + + + 2024-10-24 + 2024-11-22 + + + xorg server -- _XkbSetCompatMap vulnerability