Fedora 26: qt5-qtwebengine Update Addresses Critical Issues and Fixes

Qt5 - QtWebEngine components.

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part

of the Qt 5.9.0 release, but only the QtWebEngine component is included in this

update. The update fixes the following security issues in QtWebEngine 5.8.0:

CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010,

CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,

CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020,

CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025,

CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033,

CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044,

CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055,

CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,

CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and

CVE-2017-5069. Other important changes include: * Based on Chromium

56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96.

(5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up

to version 55.0.2883.75.) * [QTBUG-54650, QTBUG-59922] Accessibility is now

disabled by default on Linux, like it is in Chrome, due to poor options for

enabling it conditionally and its heavy performance impact. Set the environment

variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. *

[QTBUG-56531] Enabled `filesystem:` protocol handler. * [QTBUG-57720] Optimized

incremental scene-graph rendering in particular for software rendering. *

[QTBUG-60049] Enabled brotli support. * Many bug fixes, see

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for

details. In addition, this build includes a fix for

https://qt-project.atlassian.net//browse/QTBUG-61521 , a binary incompatibility in

QtWebEngine 5.9.0 compared to 5.8.0.

[ 1 ] Bug #1466689 - QtWebEngine: multiple security vulnerabilities fixed in 5.9.0

https://bugzilla.redhat.com/show_bug.cgi?id=1466689

su -c 'dnf upgrade qt5-qtwebengine' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org