Fedora 26: 2018-c0d3db441f Moderate: QtWebEngine Multiple Security Fixes

Qt5 - QtWebEngine components.

This update updates QtWebEngine to the 5.10.1 bugfix and security release.

QtWebEngine 5.10.1 is part of the Qt 5.10.1 release, but only the QtWebEngine

component is included in this update. This update includes: * Security fixes

from Chromium up to version 64.0.3282.140. Including: CVE-2017-15407,

CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15415, CVE-2017-15416,

CVE-2017-15418, CVE-2017-15419, CVE-2017-15422, CVE-2017-15423, CVE-2017-15424,

CVE-2017-15425, CVE-2017-15426, CVE-2018-6031, CVE-2018-6033, CVE-2018-6034,

CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6040, CVE-2018-6041,

CVE-2018-6042, CVE-2018-6047, CVE-2018-6048, CVE-2018-6050, CVE-2018-6051,

CVE-2018-6052, CVE-2018-6053 and CVE-2018-6054. * Mitigations for SPECTRE:

disabled shared-buffers, added cryptographic noise to precision timers *

[QTBUG-47206] Fixed incorrect layouting due to bug in HTML5 viewport support. *

[QTBUG-47945, QTBUG-65647] Fixed random crashes on exit * [QTBUG-57206] Fixed

regression in viewport handling in embedded mode * [QTBUG-58400] Improved memory

usage when printing * [QTBUG-63867] Fixed elements when compiled

without OpenGL * [QTBUG-63266, QTBUG-64436] Fixed that pointerType of Pointer

Events was empty * [QTBUG-63606] Improved runtime disabling and clearing of HTTP

cache * [QTBUG-64436] QtWebEngineWidgets: Fixed crash when exiting fullscreen

mode using the context menu. * [QTBUG-64560] Fixed rendering glitches after

renderProcessTerminated signal was emitted. * [QTBUG-64812] Fixed message bubble

position in Hi-DPI mode * [QTBUG-64869, QTBUG-65004] Added testing for 32-bit

host compiler when crossbuilding to 32-bit platforms * [QTBUG-64933]

QtWebEngineWidgets: Fixed tooltips that did still show after mouse was moved

away. * [QTBUG-65239] Fixed hanging of process if application is closed too fast

after startup. * [QTBUG-65715] Fixed double margins when printing

su -c 'dnf upgrade qt5-qtwebengine' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org