[Development] Changes to Qt offering

Thiago Macieira thiago.macieira at intel.com
Thu Jan 30 01:55:18 CET 2020

On Wednesday, 29 January 2020 08:10:23 PST Robert Loehning wrote:
> [1] wasn't mentioned anywhere on qt.io and I didn't notice it on
> announce at qt-project.org, either.
> [2] was mentioned in a blog post, but I could not find any public steps
> for reproducing the issue, so one cannot test whether their software is
> vulnerable.
> Please correct me if I missed something.

That's because we're sloppy and haven't done a proper job. The security 
advisory was supposed to go out at the same time as the Qt 5.14.1 release 
announcement. But the release announcement went out without the security 
advisory. I asked that the people responsible for the Qt Project's website 
(which merged with the Qt Company's website a few years ago) to create a 
proper page for it, but it wasn't done.

That means there's a notice out there that Qt 5.14.1 fixed CVE-2020-0570 but 
very few people have an idea of what that is about.

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Development mailing list