[Development] Changes to Qt offering
Robert Loehning
Robert.Loehning at qt.io
Wed Jan 29 17:10:23 CET 2020
Am 29.01.20 um 09:52 schrieb Cristián Maureira-Fredes:
> I think nobody at Qt will be so irresponsible of not notifying
> security patches, and I'm certain we will work around this issue,
> to maybe distributed in a better way for Open Source users.
Hi Cristián,
what exactly do you consider a proper notification?
I might have a wrong impression caused by the small sample size but none
of the two security issues I got in touch with before this year was
announced properly, I think.
[1] wasn't mentioned anywhere on qt.io and I didn't notice it on
announce at qt-project.org, either.
[2] was mentioned in a blog post, but I could not find any public steps
for reproducing the issue, so one cannot test whether their software is
vulnerable.
Please correct me if I missed something.
Cheers,
Robert
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-18281
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518
More information about the Development
mailing list