[webkit-qt] Qtwebkit 5.212 dependency on glib vulnerability

Konstantin Tokarev annulen at yandex.ru
Sun Jan 24 22:16:50 PST 2021

05.01.2021, 19:56, "Ramakanth Kesireddy" <rama.kesi at gmail.com>:
> Hi,
> Our usecase is HTML rendering in non-browser applications with HTML data readily available and not running any javascript programs but only webkit scrollbar css to scroll the html content.
> In this context as mentioned in https://github.com/qtwebkit/qtwebkit/wiki/Building-QtWebKit-on-Linux, does glib dependency makes sense with the above usecase since there is a vulnerability found with the glib version 2.52.3 as https://nvd.nist.gov/vuln/detail/CVE-2019-12450.
> Please let me know your feedback incase it is relevant for Qtwebjit 5.212 in this regard.

You can build QtWebKit with disabled GStreamer, in this case it won't be using glib at all. However glib might be used by other components of your system (e.g. Qt can be built with GTK theme support which uses glib), so it's definitely better to avoid using vulnerable version.


More information about the webkit-qt mailing list