[Development] New Qt vulnerabilities

Olivier Goffart olivier at woboq.com
Thu Jan 30 18:16:19 CET 2020


On 30/01/20 17:16, Lisandro Damián Nicanor Pérez Meyer wrote:
> Hi Thiago!
> 
> On Wed, 29 Jan 2020 at 22:19, Thiago Macieira <thiago.macieira at intel.com> wrote:
> [snip]
>> Issue 2) CVE-2020-0570
>> Score: 7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>> * Vendor: Qt Project
>> * Product: Qt
>> * Versions affected: 5.12.0 through 5.14.0
> 
> I actually found that the patch applies to 5.7, and even qt4 with the
> proper modifications. Is there something else in the code that limits
> the affected version, or maybe it does affect older versions too?

The patch just makes sure that we don't make a wrong call when the search
prefixes contain '/'.
But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there were
no search prefixes with '/' in them.
So there is no need to apply the patch in earlier versions.

-- 
Olivier

