[Development] Changes to Qt offering
Thiago Macieira
thiago.macieira at intel.com
Thu Jan 30 01:55:18 CET 2020
On Wednesday, 29 January 2020 08:10:23 PST Robert Loehning wrote:
> [1] wasn't mentioned anywhere on qt.io and I didn't notice it on
> announce at qt-project.org, either.
>
> [2] was mentioned in a blog post, but I could not find any public steps
> for reproducing the issue, so one cannot test whether their software is
> vulnerable.
>
> Please correct me if I missed something.
That's because we're sloppy and haven't done a proper job. The security
advisory was supposed to go out at the same time as the Qt 5.14.1 release
announcement. But the release announcement went out without the security
advisory. I asked that the people responsible for the Qt Project's website
(which merged with the Qt Company's website a few years ago) to create a
proper page for it, but it wasn't done.
That means there's a notice out there that Qt 5.14.1 fixed CVE-2020-0570 but
very few people have an idea of what that is about.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Development
mailing list