This update fix CVE-2018-10895 [0] and a few minor bugs.
[0] : Due to a CSRF vulnerability affecting the qute://settings
page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command
, this possibly allowed websites to execute arbitrary code.
This version fix compatibility issues with qtwebengine 5.11.x, add support for page printing, tab muting, third-party cookie blocking and has the web inspector "enabled" (does not require --enable-webengine-inspector
) by default. It also ships a few bugfixes and changes.
sudo dnf upgrade --advisory=FEDORA-2018-35325c9faf
submitted | 7 months ago |
in testing | 7 months ago |
in stable | 7 months ago |
modified | 7 months ago |
0 | 0 | #1600289 CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows sites to access 'qute://*' URLs and execute arbitrary code [fedora-all] |
This update has been submitted for testing by fnux.
This update has obsoleted qutebrowser-1.4.0-1.fc27, and has inherited its bugs and notes.
This update has been pushed to testing.
fnux edited this update.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by fnux.
This update has been pushed to stable.