Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 20 QtWebKit Security Advisory: Critical Logging Issue

fedora
Calendar Grey April 21, 2015
Dist Fedora Esm H88
QtWebKit tracks accessed URLs even while in private browsing mode, highlighting the need for immediate security improvements. Discover more about the available patch.
QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.

Summary

Qt WebKit bindings

Update Information:

QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.

Topics%20covered

Topics Covered

security advisory update critical Fedora logging issue private browsing qtwebkit

Change Log

* Mon Mar 23 2015 Rex Dieter 2.3.4-6 - QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode (#1204795) * Mon Mar 23 2015 Rex Dieter 2.3.4-5 - drop ppc64le patch (that no longer applies or is needed) * Fri Mar 20 2015 Rex Dieter - 2.3.4-4 - gcc-5.0.0-0.20.fc23 FTBFS qtwebkit (#1203008) - add versioned glib2 dep (#1202735) * Tue Mar 17 2015 Rex Dieter 2.3.4-3 - qtwebkit enable jit for ppc64le (#1096330) * Wed Feb 18 2015 Rex Dieter 2.3.4-2 - rebuild (gcc5) * Thu Oct 16 2014 Rex Dieter 2.3.4-1 - qtwebkit-2.3.4 * Tue Sep 23 2014 Rex Dieter 2.3.3-18 - enable hardened build (#1051790) * Sun Aug 17 2014 Fedora Release Engineering - 2.3.3-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jul 20 2014 Kevin Kofler 2.3.3-16 - build against GStreamer1 on F21+ (#1092642, patch from openSUSE) * Fri Jun 20 2014 Rex Dieter 2.3.3-15 - use pkgconfig deps for qt-mobility * Sun Jun 8 2014 Fedora Release Engineering - 2.3.3-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 7 2014 Jaromir Capik - 2.3.3-13 - ppc64le support * Mon May 5 2014 Rex Dieter 2.3.3-12 - Requires: mozilla-filesystem (#1000673) * Fri May 2 2014 Rex Dieter 2.3.3-11 - no need to set empty qtdefines macro - no rpath for real, drop chrpath hacks * Sat Mar 8 2014 Kevin Kofler 2.3.3-10 - rebuild against fixed qt to fix -debuginfo (#1074041) * Thu Mar 6 2014 Peter Robinson 2.3.3-9 - update aarch64 patchset * Fri Feb 28 2014 Rex Dieter 2.3.3-8 - initial backport aarch64 javascriptcore fixes, needswork (#1070446) - apply downstream patches *after* upstream ones * Thu Feb 13 2014 Rex Dieter 2.3.3-7 - backport more upstream fixes * Thu Feb 13 2014 Rex Dieter 2.3.3-6 - ftbfs using bison3 * Wed Feb 12 2014 Rex Dieter 2.3.3-5 - rebuild (libicu) * Wed Jan 1 2014 Rex Dieter 2.3.3-4 - rebuild (libwebp) * Wed Dec 11 2013 Rex Dieter - 2.3.3-3 - support out-of-source-tree build - %ix86: build both no-sse2 and sse2 versions * Mon Dec 9 2013 Rex Dieter 2.3.3-2 - build-webkit --system-malloc (unconditionally, WAS only ppc)

References


[ 1 ] Bug #1204795 - qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode https://bugzilla.redhat.com/show_bug.cgi?id=1204795

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update qtwebkit' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: qtwebkit
Product: Fedora 20
Version: 2.3.4
Release: 6.fc20
URL: https://trac.webkit.org/wiki/QtWebKit
Summary: Qt WebKit bindings

Topics%20covered

Topics Covered

security advisory update critical Fedora logging issue private browsing qtwebkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here