--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-61dbd4a787
2018-07-19 18:02:50.871563
--------------------------------------------------------------------------------
Name : qutebrowser
Product : Fedora 28
Version : 1.4.1
Release : 1.fc28
URL : http://www.qutebrowser.org
Summary : A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine
Description :
qutebrowser is a keyboard-focused browser with a minimal GUI. It's based on
Python, PyQt5 and QtWebEngine and free software, licensed under the GPL.
It was inspired by other browsers/addons like dwb and Vimperator/Pentadactyl.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2018-10895 **[0]** and a few minor bugs.

**[0]** : Due to a CSRF vulnerability affecting the `qute://settings` page, it
was possible for websites to modify qutebrowser settings. Via settings like
`editor.command`, this possibly **allowed websites to execute arbitrary code**.

This version fixes compatibility issues with qtwebengine 5.11.x, adds support
for page printing, tab muting and third-party cookie blocking, and has the web
inspector "enabled" (does not require `--enable-webengine-inspector`) by
default. It also ships a few bugfixes and changes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 11 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.4.1-1
- Rebase to 1.4.1
- Remove patch introduced in 1.4.0-2, since included in upstream release 1.4.1
* Tue Jul 10 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.4.0-2
- Patch critical CSRF issues with qute://settings/set URL, leading to arbitrary
code execution.
* Tue Jul 3 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.4.0-1
- Rebase to 1.4.0
* Mon Jul 2 2018 Miro Hrončok <mhroncok(a)redhat.com> - 1.3.3-2
- Rebuilt for Python 3.7
* Fri Jun 22 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.3.3-1
- Rebase to 1.3.3
* Tue Jun 19 2018 Miro Hrončok <mhroncok(a)redhat.com> - 1.3.2-2
- Rebuilt for Python 3.7
* Tue Jun 12 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.3.2-1
- Rebase to 1.3.2
* Tue May 29 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.3.1-1
- Rebase to 1.3.1
* Fri May 4 2018 Timothée Floure <fnux(a)fedoraproject.org> - 1.3.0-1
- Rebase to 1.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600289 - CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows
sites to access 'qute://*' URLs and execute arbitrary code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1600289
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-61dbd4a787' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------