{"affected":[{"ecosystem_specific":{"binaries":[{"libQt5Pdf5":"5.15.3-lp152.3.3.4","libQt5PdfWidgets5":"5.15.3-lp152.3.3.4","libqt5-qtpdf-devel":"5.15.3-lp152.3.3.4","libqt5-qtpdf-examples":"5.15.3-lp152.3.3.4","libqt5-qtpdf-imports":"5.15.3-lp152.3.3.4","libqt5-qtpdf-private-headers-devel":"5.15.3-lp152.3.3.4","libqt5-qtwebengine":"5.15.3-lp152.3.3.4","libqt5-qtwebengine-devel":"5.15.3-lp152.3.3.4","libqt5-qtwebengine-examples":"5.15.3-lp152.3.3.4","libqt5-qtwebengine-private-headers-devel":"5.15.3-lp152.3.3.4"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"libqt5-qtwebengine","purl":"pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.15.3-lp152.3.3.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libqt5-qtwebengine fixes the following issues:\n\nUpdate to version 5.15.3\n\nCVE fixes backported in chromium updates:\n\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21118: Heap buffer overflow in Blink\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n- CVE-2021-21145: Use after free in Fonts\n- CVE-2021-21146: Use after free in Navigation\n- CVE-2021-21147: Inappropriate implementation in Skia\n- CVE-2021-21148: Heap buffer overflow in V8\n- CVE-2021-21149: Stack overflow in Data Transfer\n- CVE-2021-21150: Use after free in Downloads\n- CVE-2021-21152: Heap buffer overflow in Media\n- CVE-2021-21153: Stack overflow in GPU Process\n- CVE-2021-21156: Heap buffer overflow in V8\n- CVE-2021-21157: Use after free in Web Sockets\n","id":"openSUSE-SU-2021:0973-1","modified":"2021-07-05T20:13:32Z","published":"2021-07-05T20:13:32Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5TAIJROLXEDDASYPE5FNK2OGKN4IAJT5/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130395"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158516"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163744"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163766"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182233"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16044"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21118"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21119"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21120"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21121"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21122"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21123"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21132"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21135"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21141"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21145"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21146"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21148"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21153"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21157"}],"related":["CVE-2020-16044","CVE-2021-21118","CVE-2021-21119","CVE-2021-21120","CVE-2021-21121","CVE-2021-21122","CVE-2021-21123","CVE-2021-21125","CVE-2021-21126","CVE-2021-21127","CVE-2021-21128","CVE-2021-21129","CVE-2021-21130","CVE-2021-21131","CVE-2021-21132","CVE-2021-21135","CVE-2021-21137","CVE-2021-21140","CVE-2021-21141","CVE-2021-21145","CVE-2021-21146","CVE-2021-21147","CVE-2021-21148","CVE-2021-21149","CVE-2021-21150","CVE-2021-21152","CVE-2021-21153","CVE-2021-21156","CVE-2021-21157"],"summary":"Security update for libqt5-qtwebengine","upstream":["CVE-2020-16044","CVE-2021-21118","CVE-2021-21119","CVE-2021-21120","CVE-2021-21121","CVE-2021-21122","CVE-2021-21123","CVE-2021-21125","CVE-2021-21126","CVE-2021-21127","CVE-2021-21128","CVE-2021-21129","CVE-2021-21130","CVE-2021-21131","CVE-2021-21132","CVE-2021-21135","CVE-2021-21137","CVE-2021-21140","CVE-2021-21141","CVE-2021-21145","CVE-2021-21146","CVE-2021-21147","CVE-2021-21148","CVE-2021-21149","CVE-2021-21150","CVE-2021-21152","CVE-2021-21153","CVE-2021-21156","CVE-2021-21157"]}