[Development] New Qt vulnerabilities
olivier at woboq.com
Thu Jan 30 18:16:19 CET 2020
On 30/01/20 17:16, Lisandro Damián Nicanor Pérez Meyer wrote:
> Hi Thiago!
> On Wed, 29 Jan 2020 at 22:19, Thiago Macieira <thiago.macieira at intel.com> wrote:
>> Issue 2) CVE-2020-0570
>> Score: 7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>> * Vendor: Qt Project
>> * Product: Qt
>> * Versions affected: 5.12.0 through 5.14.0
> I actually found that the patch applies to 5.7, and even qt4 with the
> proper modifications. Is there something else in the code that limits
> the affected version or maybe it does affects older versions too?
The patch just make sure that we don't do wrong call when the search prefixes
But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there were
no search prefixes with '/' in them.
So no need to apply the patch in earlier versions.
More information about the Development