FEDORA-2018-35325c9faf

security update in Fedora 27 for qutebrowser

Status: stable 2 months ago

This update fix CVE-2018-10895 [0] and a few minor bugs.

[0] : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code.

This version fix compatibility issues with qtwebengine 5.11.x, add support for page printing, tab muting, third-party cookie blocking and has the web inspector "enabled" (does not require --enable-webengine-inspector) by default. It also ships a few bugfixes and changes.

Comments 7

This update has been submitted for testing by fnux.

2 months ago

This update has obsoleted qutebrowser-1.4.0-1.fc27, and has inherited its bugs and notes.

2 months ago

This update has been pushed to testing.

2 months ago

fnux edited this update.

2 months ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 months ago

This update has been submitted for stable by fnux.

2 months ago

This update has been pushed to stable.

2 months ago

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

Text fields in Bodhi2 support an enhanced version of markdown. This is a cheat sheet for your reference.

You can do headers by underlining or by prefixing with the # character:

This is an H1
=============

This is an H2
-------------

# This is another H1

## This is another H2

You can do blockquotes using email-style prefixes with the > character:

> This is a quotation
> over many lines
> > and it can be nested(!)

Lists work like you'd expect, by prefixing with any of the *, +, or - characters:

Check out this list:

* This
* is
* a list..

You need a blank line between a paragraph and the start of a list for the renderer to pick up on it.

Emphasis can be added like this:

*italics*
_italics_
**bold**
__bold__

You can save your code references from being misinterpreted as emphasis by surrounding them with backtick characters (`):

Use `the_best_function()` and _not_ that crummy one.

Links look like this:

[text](http://getfedora.org)

..but we also support bare links if you just provide a URL.

You can create code blocks by indenting every line of the block by at least 4 spaces or 1 tab.

Here is a code block:

    for i in range(4):
        print i
    print "done."

You can reference bug reports by simply writing something of the form tracker#ticketid.

This fixes PHP#1234 and Python#2345

... we will automatically generate links to the tickets in the appropriate trackers in place.

The supported bug tracker prefixes are: (these are all case-insensitive)

Fedora, RHBZ and RH (all point to the Red Hat Bugzilla)
GNOME
KDE
PEAR
PHP
Python

And you can refer to other users by prefixing their username with the @ symbol.

Thanks @mattdm!

This will generate a link to their profile, but it won't necessarily send them a notification unless they have a special FMN rule set up to catch it.

Lastly, you can embed inline images with syntax like this:

![Alt text](/path/to/img.jpg)

-1	0	+1	Feedback Guidelines
			#1600289 CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows sites to access 'qute://*' URLs and execute arbitrary code [fedora-all]
			Is the update generally functional?