--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-35325c9faf
2018-07-19 17:46:53.575353
--------------------------------------------------------------------------------
Name : qutebrowser
Product : Fedora 27
Version : 1.4.1
Release : 1.fc27
URL :
http://www.qutebrowser.org
Summary : A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine
Description :
qutebrowser is a keyboard-focused browser with a minimal GUI. It���s based on
Python, PyQt5 and QtWebEngine and free software, licensed under the GPL.
It was inspired by other browsers/addons like dwb and Vimperator/Pentadactyl.
--------------------------------------------------------------------------------
Update Information:
This update fix CVE-2018-10895 **[0]** and a few minor bugs. **[0]** : Due to a
CSRF vulnerability affecting the `qute://settings` page, it was possible for
websites to modify qutebrowser settings. Via settings like `editor.command`,
this possibly **allowed websites to execute arbitrary code**. ---- This
version fix compatibility issues with qtwebengine 5.11.x, add support for page
printing, tab muting, third-party cookie blocking and has the web inspector
"enabled" (does not require `--enable-webengine-inspector`) by default. It also
ships a few bugfixes and changes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 11 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.4.1-1
- Rebase to 1.4.1
- Remove patch introduced in 1.4.0-2, since included in upstream release 1.4.1
* Tue Jul 10 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.4.0-2
- Patch critical CSRF issues with qute://settings/set URL, leading to arbitrary
code exexution.
* Tue Jul 3 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.4.0-1
- Rebase to 1.4.0
* Mon Jul 2 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.3.3-2
- Rebuilt for Python 3.7
* Fri Jun 22 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.3.3-1
- Rebase to 1.3.3
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.3.2-2
- Rebuilt for Python 3.7
* Tue Jun 12 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.3.2-1
- Rebase to 1.3.2
* Tue May 29 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.3.1-1
- Rebase to 1.3.1
* Fri May 4 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.3.0-1
- Rebase to 1.3.0
* Tue Mar 20 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.2.1-1
- Rebase to 1.2.1
* Mon Mar 12 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.2.0-1
- Rebase to 1.2.0
* Mon Mar 5 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.1.2-1
- Rebase to 1.1.2
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sun Jan 21 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.1.1-1
- Rebase to 1.1.1
* Thu Jan 18 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 1.1.0-2
- Remove obsolete scriptlets
* Mon Jan 15 2018 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.1.0-1
- Rebase to 1.1.0
* Tue Nov 28 2017 Timoth��e Floure <timothee.floure(a)fnux.ch> - 1.0.4-1
- Rebase to 1.0.4
* Tue Nov 14 2017 Timoth��e Floure <timothee.floure(a)fnux.ch> - 1.0.3-2
- Fix typos in some (weak) Qt dependencies
* Tue Nov 7 2017 Timoth��e Floure <timothee.floure(a)fnux.ch> - 1.0.3-1
- Rebase to 1.0.3
- Fix dependency issue for architectures unsupported by qt5-qtwebengine
* Fri Oct 20 2017 Timoth��e Floure <timothee.floure(a)fnux.ch> - 1.0.2-1
- Rebase to 1.0.2
- Remove the deprecated Group tag
- Add the python3-attrs dependency
- Adapt the descriptions and dependencies to the QtWebEngine backend (new default)
- Doc tag: do not package the PKG-INFO file anymore
- Doc tag: package the full HTML documentation instead of sparse asciidoc files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600289 - CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows
sites to access 'qute://*' URLs and execute arbitrary code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1600289
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-35325c9faf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------