pyrox.dev / nixpkgs
lol
fork atom

qt5.qtwebengine: mark vulnerable

Grimmauld d89ab7ff fdaf9ac0

options
unified split
Changed files
+37
pkgs
development
libraries
qt-5
modules
qtwebengine.nix
+37
pkgs/development/libraries/qt-5/modules/qtwebengine.nix 
···

       
464

       
464

       
 

       



     

       
465

       
465

       
 

       
      # This build takes a long time; particularly on slow architectures


     

       
466

       
466

       
 

       
      timeout = 24 * 3600;


     

       

       
467

       
+

       



     

       

       
468

       
+

       
      knownVulnerabilities = [


     

       

       
469

       
+

       
        ''


     

       

       
470

       
+

       
          qt5 qtwebengine is unmaintained upstream since april 2025.


     

       

       
471

       
+

       
          It is based on chromium 87.0.4280.144, and supposedly patched up to 135.0.7049.95 which is outdated.


     

       

       
472

       
+

       



     

       

       
473

       
+

       
          Security issues are frequently discovered in chromium.


     

       

       
474

       
+

       
          The following list of CVEs was fixed in the life cycle of chromium 138 and likely also affects qtwebengine:


     

       

       
475

       
+

       
          - CVE-2025-8879


     

       

       
476

       
+

       
          - CVE-2025-8880


     

       

       
477

       
+

       
          - CVE-2025-8901


     

       

       
478

       
+

       
          - CVE-2025-8881


     

       

       
479

       
+

       
          - CVE-2025-8882


     

       

       
480

       
+

       
          - CVE-2025-8576


     

       

       
481

       
+

       
          - CVE-2025-8577


     

       

       
482

       
+

       
          - CVE-2025-8578


     

       

       
483

       
+

       
          - CVE-2025-8579


     

       

       
484

       
+

       
          - CVE-2025-8580


     

       

       
485

       
+

       
          - CVE-2025-8581


     

       

       
486

       
+

       
          - CVE-2025-8582


     

       

       
487

       
+

       
          - CVE-2025-8583


     

       

       
488

       
+

       
          - CVE-2025-8292


     

       

       
489

       
+

       
          - CVE-2025-8010


     

       

       
490

       
+

       
          - CVE-2025-8011


     

       

       
491

       
+

       
          - CVE-2025-7656


     

       

       
492

       
+

       
          - CVE-2025-6558 (known to be exploited in the wild)


     

       

       
493

       
+

       
          - CVE-2025-7657


     

       

       
494

       
+

       
          - CVE-2025-6554


     

       

       
495

       
+

       
          - CVE-2025-6555


     

       

       
496

       
+

       
          - CVE-2025-6556


     

       

       
497

       
+

       
          - CVE-2025-6557


     

       

       
498

       
+

       



     

       

       
499

       
+

       
          The actual list of CVEs affecting qtwebengine is likely much longer,


     

       

       
500

       
+

       
          as this list is missing issues fixed in chromium 136/137 and even more


     

       

       
501

       
+

       
          issues are continuously discovered and lack upstream fixes in qtwebengine.


     

       

       
502

       
+

       
        ''


     

       

       
503

       
+

       
      ];


     

       
467

       
504

       
 

       
    };


     

       
468

       
505

       
 

       



     

       
469

       
506

       
 

       
  }