Accepting request 618472 from network

- Update to version 1.3.3:
  Security:
    * An XSS vulnerability on the qute://history page allowed
      websites to inject HTML into the page via a crafted title
      tag. This could allow them to steal your browsing history.
      If you're currently unable to upgrade, avoid using :history.
      This issue has been assigned CVE-2018-1000559.
  Fixed:
    * Crash in a workaround for a Qt 5.11 bug in rare
      circumstances.
    * Workaround for a Qt bug which preserves searches between page
      loads.

OBS-URL: https://build.opensuse.org/request/show/618472
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/qutebrowser?expand=0&rev=21

qutebrowser-1.3.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff4bf5f74e6ba4f76e5bee8ab5c370c0fb8bbd99123592262c09605c5065c27f
-size 3535391

qutebrowser-1.3.2.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE4E5WAAJAG47w528KkW6wyP1VoHIFAlsdL0EACgkQkW6wyP1V
-oHIdTQ//ae/W7QGOSSBf5zXG32CIhtLCa+/tojppz0K85EFPFO4VQQAcJ9uukTEx
-vbcKzEBNAwsTx2e0rhiN9kLl3xTv5ha7i2Y+oUXUl7YfxVYoCDcNcgvqD4r5gVgk
-H6puPYOzYtCX8i/+h7OUFLepOlrF6EbX2Y6KNT4YZCNwVINmqtrJWJt7Yhl3vkGp
-6ql/1aBC2U3El0qvbN8qeVx+8uEXbpA919q7072ig3pxjBmuj1fWdyJA+4q/zamC
-wHeLfwdHFFaw099eI8SsT35q2SwKv8UXBoqEmRC0qb+8aVask0E+kca9YwHPBvJU
-EmDO+Tt/B28DfGt7CNvOoBquZhSTIDhCDWCgSmwOkUkbcfJOVMhFQ2xPP2QE1/U9
-CjiyN/5CF3STAfcNo1vQD+ce9KwlDxvfkXYYTcM0ANryri0PU6B4noa7mVoUYLAM
-ELS9I/4VU3/cMfMjynSF3PfbZUwS5wTzaYxqcVWoLeluFRwF8etNY4943o2hJwBu
-nYv1mPnLmJnZnrkb3L/x8K8KXtLm5Pbvj3anWYmH99jPnyC94CHm7H+QeC6VxmaG
-MtfYI2cRvrew0ka0wq81+C1/Yj243IIrL0z5kz015xwRANge+VDcttuUE/rEBqN9
-hKLnlhHK6eq+7HWHCYoHb10yhHCDp86KWIyMKaEAV0b6JlB+93s=
-=nwdu
------END PGP SIGNATURE-----

qutebrowser-1.3.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68cab76dbd23ef77c29865a80e3eb508a3b5392e9f190c497f8a93dada5c9906
+size 3536053

qutebrowser-1.3.3.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE4E5WAAJAG47w528KkW6wyP1VoHIFAlssGfYACgkQkW6wyP1V
+oHLf8Q/+JysXAw5v/3zKtFjg9oguk3l0lGd9VIvAg0Zpcsd/Yd4kYUwNQd9InPeV
+23jYiqJygtcwp/FiqgE6VQfb/qtEXU8oDxkvTkBwLKXlTf3ZhQVkWrTB+Mx5+/5n
+u9mTMe95oShqWJmdV05KldBT9VQlSYekQhC25fzn+x0LTneJyj2PiQ4JyuoYrsgb
+wTL2YAE17PGG3/tugrzeHRZGHU6Q9EFcnzr1TdAe0L61GjVeZcrjQaFj4ze5DbIg
+OcAafZ14nHk8isyqw7vWldg7yMWdYSJjLxwSWyQ/rPHB5qlEDL9/IcQYjny51B3F
+djIj9yJKxF+2lTY8HqZwri63FFeDgusq84rmpQoCkpTOG/qYQjMeMzRWUA8AGNse
+efZLCLFx0trr9IGpPXZbqBYTk7gsmiqpDKwIe7m2DgZzdEDKKafcTayGuDuXxy0D
+Y9h0QluKRi57Vk/+lprZ2DCeC0SJKeaPgZCkPXGKncDSPkxhCf/zVRkEbt8DVTNM
+x8LLZFBo5XagOShm9F0a+hTeN4MLkR+QBP/LGa2X+GIoMOI9olPBV1qo6oGxgu4d
+5Q1nsoIq0Iqa5Vzj5g6QnHigfWCbRVoXWBWbXq3cyL4exL5v4KlQXJYTiaelj4Gj
+8Ukt7juPiMOQ11pgLhFrwqss6t2rMaxk51ijDSy2kG/uib4KX/g=
+=3WRc
+-----END PGP SIGNATURE-----

qutebrowser.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Jun 22 10:25:18 UTC 2018 - 9+suse@cirno.systems
+
+- Update to version 1.3.3:
+  Security:
+    * An XSS vulnerability on the qute://history page allowed
+      websites to inject HTML into the page via a crafted title
+      tag. This could allow them to steal your browsing history.
+      If you're currently unable to upgrade, avoid using :history.
+      This issue has been assigned CVE-2018-1000559.
+  Fixed:
+    * Crash in a workaround for a Qt 5.11 bug in rare
+      circumstances.
+    * Workaround for a Qt bug which preserves searches between page
+      loads.
+
 -------------------------------------------------------------------
 Wed Jun 13 21:56:04 UTC 2018 - 9+suse@cirno.systems
 

qutebrowser.spec

@@ -17,7 +17,7 @@
 
 
 Name:           qutebrowser
-Version:        1.3.2
+Version:        1.3.3
 Release:        0
 Summary:        Keyboard-driven vim-like browser based on Qt5
 License:        GPL-3.0-or-later