From bfd2924df7a27f1cd5c8ab21df7031362cd60ef1f6c92ad1a6ee7bae7df03b13 Mon Sep 17 00:00:00 2001 From: Mia Herkt <9+suse@cirno.systems> Date: Fri, 22 Jun 2018 10:28:04 +0000 Subject: [PATCH 1/2] - Update to version 1.3.3: Security: * An XSS vulnerability on the qute://history page allowed websites to inject HTML into the page via a crafted title tag. This could allow them to steal your browsing history. If you're currently unable to upgrade, avoid using :history. A CVE request for this issue is pending. Fixed: * Crash in a workaround for a Qt 5.11 bug in rare circumstances. * Workaround for a Qt bug which preserves searches between page loads. OBS-URL: https://build.opensuse.org/package/show/network/qutebrowser?expand=0&rev=42 --- qutebrowser-1.3.2.tar.gz | 3 --- qutebrowser-1.3.2.tar.gz.asc | 16 ---------------- qutebrowser-1.3.3.tar.gz | 3 +++ qutebrowser-1.3.3.tar.gz.asc | 16 ++++++++++++++++ qutebrowser.changes | 16 ++++++++++++++++ qutebrowser.spec | 2 +- 6 files changed, 36 insertions(+), 20 deletions(-) delete mode 100644 qutebrowser-1.3.2.tar.gz delete mode 100644 qutebrowser-1.3.2.tar.gz.asc create mode 100644 qutebrowser-1.3.3.tar.gz create mode 100644 qutebrowser-1.3.3.tar.gz.asc
diff --git a/qutebrowser-1.3.2.tar.gz b/qutebrowser-1.3.2.tar.gz
deleted file mode 100644
index 718a671..0000000
--- a/qutebrowser-1.3.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff4bf5f74e6ba4f76e5bee8ab5c370c0fb8bbd99123592262c09605c5065c27f
-size 3535391
diff --git a/qutebrowser-1.3.2.tar.gz.asc b/qutebrowser-1.3.2.tar.gz.asc
deleted file mode 100644
index a2dc4ae..0000000
--- a/qutebrowser-1.3.2.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE4E5WAAJAG47w528KkW6wyP1VoHIFAlsdL0EACgkQkW6wyP1V
-oHIdTQ//ae/W7QGOSSBf5zXG32CIhtLCa+/tojppz0K85EFPFO4VQQAcJ9uukTEx
-vbcKzEBNAwsTx2e0rhiN9kLl3xTv5ha7i2Y+oUXUl7YfxVYoCDcNcgvqD4r5gVgk
-H6puPYOzYtCX8i/+h7OUFLepOlrF6EbX2Y6KNT4YZCNwVINmqtrJWJt7Yhl3vkGp
-6ql/1aBC2U3El0qvbN8qeVx+8uEXbpA919q7072ig3pxjBmuj1fWdyJA+4q/zamC
-wHeLfwdHFFaw099eI8SsT35q2SwKv8UXBoqEmRC0qb+8aVask0E+kca9YwHPBvJU
-EmDO+Tt/B28DfGt7CNvOoBquZhSTIDhCDWCgSmwOkUkbcfJOVMhFQ2xPP2QE1/U9
-CjiyN/5CF3STAfcNo1vQD+ce9KwlDxvfkXYYTcM0ANryri0PU6B4noa7mVoUYLAM
-ELS9I/4VU3/cMfMjynSF3PfbZUwS5wTzaYxqcVWoLeluFRwF8etNY4943o2hJwBu
-nYv1mPnLmJnZnrkb3L/x8K8KXtLm5Pbvj3anWYmH99jPnyC94CHm7H+QeC6VxmaG
-MtfYI2cRvrew0ka0wq81+C1/Yj243IIrL0z5kz015xwRANge+VDcttuUE/rEBqN9
-hKLnlhHK6eq+7HWHCYoHb10yhHCDp86KWIyMKaEAV0b6JlB+93s=
-=nwdu
------END PGP SIGNATURE-----
diff --git a/qutebrowser-1.3.3.tar.gz b/qutebrowser-1.3.3.tar.gz
new file mode 100644
index 0000000..00ddd8d
--- /dev/null
+++ b/qutebrowser-1.3.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68cab76dbd23ef77c29865a80e3eb508a3b5392e9f190c497f8a93dada5c9906
+size 3536053
diff --git a/qutebrowser-1.3.3.tar.gz.asc b/qutebrowser-1.3.3.tar.gz.asc
new file mode 100644
index 0000000..c384d7b
--- /dev/null
+++ b/qutebrowser-1.3.3.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE4E5WAAJAG47w528KkW6wyP1VoHIFAlssGfYACgkQkW6wyP1V
+oHLf8Q/+JysXAw5v/3zKtFjg9oguk3l0lGd9VIvAg0Zpcsd/Yd4kYUwNQd9InPeV
+23jYiqJygtcwp/FiqgE6VQfb/qtEXU8oDxkvTkBwLKXlTf3ZhQVkWrTB+Mx5+/5n
+u9mTMe95oShqWJmdV05KldBT9VQlSYekQhC25fzn+x0LTneJyj2PiQ4JyuoYrsgb
+wTL2YAE17PGG3/tugrzeHRZGHU6Q9EFcnzr1TdAe0L61GjVeZcrjQaFj4ze5DbIg
+OcAafZ14nHk8isyqw7vWldg7yMWdYSJjLxwSWyQ/rPHB5qlEDL9/IcQYjny51B3F
+djIj9yJKxF+2lTY8HqZwri63FFeDgusq84rmpQoCkpTOG/qYQjMeMzRWUA8AGNse
+efZLCLFx0trr9IGpPXZbqBYTk7gsmiqpDKwIe7m2DgZzdEDKKafcTayGuDuXxy0D
+Y9h0QluKRi57Vk/+lprZ2DCeC0SJKeaPgZCkPXGKncDSPkxhCf/zVRkEbt8DVTNM
+x8LLZFBo5XagOShm9F0a+hTeN4MLkR+QBP/LGa2X+GIoMOI9olPBV1qo6oGxgu4d
+5Q1nsoIq0Iqa5Vzj5g6QnHigfWCbRVoXWBWbXq3cyL4exL5v4KlQXJYTiaelj4Gj
+8Ukt7juPiMOQ11pgLhFrwqss6t2rMaxk51ijDSy2kG/uib4KX/g=
+=3WRc
+-----END PGP SIGNATURE-----
diff --git a/qutebrowser.changes b/qutebrowser.changes
index 0c7a1ce..2a311a1 100644
--- a/qutebrowser.changes
+++ b/qutebrowser.changes
@@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Jun 22 10:25:18 UTC 2018 - 9+suse@cirno.systems + +- Update to version 1.3.3: + Security: + * An XSS vulnerability on the qute://history page allowed + websites to inject HTML into the page via a crafted title + tag. This could allow them to steal your browsing history. + If you're currently unable to upgrade, avoid using :history. + A CVE request for this issue is pending. + Fixed: + * Crash in a workaround for a Qt 5.11 bug in rare + circumstances. + * Workaround for a Qt bug which preserves searches between page + loads. + ------------------------------------------------------------------- Wed Jun 13 21:56:04 UTC 2018 - 9+suse@cirno.systems
diff --git a/qutebrowser.spec b/qutebrowser.spec
index 8e4d33a..e9a61b8 100644
--- a/qutebrowser.spec
+++ b/qutebrowser.spec
@@ -17,7 +17,7 @@ Name: qutebrowser -Version: 1.3.2 +Version: 1.3.3 Release: 0 Summary: Keyboard-driven vim-like browser based on Qt5 License: GPL-3.0-or-later
From 2fb049d51220c352acb37eda5c6d9a7c9f2e8e2160369c4ad7e049426f3783e7 Mon Sep 17 00:00:00 2001 From: Mia Herkt <9+suse@cirno.systems> Date: Fri, 22 Jun 2018 10:36:38 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/network/qutebrowser?expand=0&rev=43 --- qutebrowser.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qutebrowser.changes b/qutebrowser.changes
index 2a311a1..83012cc 100644
--- a/qutebrowser.changes
+++ b/qutebrowser.changes
@@ -7,7 +7,7 @@ Fri Jun 22 10:25:18 UTC 2018 - 9+suse@cirno.systems websites to inject HTML into the page via a crafted title tag. This could allow them to steal your browsing history. If you're currently unable to upgrade, avoid using :history. - A CVE request for this issue is pending. + This issue has been assigned CVE-2018-1000559. Fixed: * Crash in a workaround for a Qt 5.11 bug in rare circumstances.