Bug 954210 - (CVE-2015-8079) VUL-1: CVE-2015-8079 qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Max Lin
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158593/
Whiteboard: CVSSv2:RedHat:CVE-2015-8079:2.1:(AV:L...
Reported: 2015-11-09 09:19 UTC by Sebastian Krahmer
Modified: 2016-10-26 14:20 UTC
Found By: Security Response Team


Description Sebastian Krahmer 2015-11-09 09:19:31 UTC
Quoting from RH BZ:

"QtWebKit upstream are reviewing a patch that prevents it recording visited URLs to its favicon database (WebpageIcons.db) while using private browsing mode"


References:
https://codereview.qt-project.org/#/c/108936/
https://bugzilla.redhat.com/show_bug.cgi?id=1204795
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8079
http://seclists.org/oss-sec/2015/q4/227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8079
Comment 1 Swamp Workflow Management 2015-11-09 23:00:52 UTC
bugbot adjusting priority
Comment 2 Max Lin 2015-11-10 09:23:58 UTC
Submitted MR#78951 for SUSE:SLE-12:Update and SR#78955 for SUSE:SLE-12-SP1:GA
Comment 3 Max Lin 2015-11-20 13:35:46 UTC
Should be done. Set to resolved.
Comment 4 Swamp Workflow Management 2016-09-27 17:16:05 UTC
SUSE-SU-2016:2397-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 954210,990856
CVE References: CVE-2015-8079,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    bogofilter-1.2.4-5.3
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    flex-2.5.37-8.1, libQtWebKit4-4.8.6+2.3.3-3.1, libbonobo-2.32.1-16.1, mdbtools-0.7-5.1, netpbm-10.66.3-4.1, openslp-2.0.0-11.1, sgmltool-1.0.9-1075.1
SUSE Linux Enterprise Server 12-SP1 (src):    at-3.1.14-7.3, cyrus-imapd-2.3.18-40.1, flex-2.5.37-8.1, kdelibs4-4.12.0-7.3, libQtWebKit4-4.8.6+2.3.3-3.1, libbonobo-2.32.1-16.1, netpbm-10.66.3-4.1, openslp-2.0.0-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    at-3.1.14-7.3, bogofilter-1.2.4-5.3, kdelibs4-4.12.0-7.3, libQtWebKit4-4.8.6+2.3.3-3.1, libbonobo-2.32.1-16.1, netpbm-10.66.3-4.1, openslp-2.0.0-11.1