FEDORA-2018-61dbd4a787 — security update for qutebrowser

stable

qutebrowser-1.4.1-1.fc28

FEDORA-2018-61dbd4a787 created by fnux 6 years ago for Fedora 28

This update fix CVE-2018-10895 [0] and a few minor bugs.

[0] : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code.

This version fix compatibility issues with qtwebengine 5.11.x, add support for page printing, tab muting, third-party cookie blocking and has the web inspector "enabled" (does not require --enable-webengine-inspector) by default. It also ships a few bugfixes and changes.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-61dbd4a787

This update has been submitted for testing by fnux.

6 years ago

This update has obsoleted qutebrowser-1.4.0-1.fc28, and has inherited its bugs and notes.

6 years ago

This update has been pushed to testing.

6 years ago

fnux edited this update.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by fnux.

6 years ago

This update has been pushed to stable.

6 years ago

Please log in to add feedback.

Metadata

Type

security

Severity

urgent

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

modified

6 years ago

Builds

qutebrowser-1.4.1-1.fc28

BZ#1600289 CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows sites to access 'qute://*' URLs and execute arbitrary code [fedora-all]

qutebrowser-1.4.1-1.fc28

Automated Test Results

ignored