[Development] New Qt vulnerabilities
Thiago Macieira
thiago.macieira at intel.com
Thu Jan 30 19:56:18 CET 2020
On Thursday, 30 January 2020 09:16:19 PST Olivier Goffart wrote:
> > I actually found that the patch applies to 5.7, and even qt4 with the
> > proper modifications. Is there something else in the code that limits
> > the affected version or maybe it does affects older versions too?
>
> The patch just make sure that we don't do wrong call when the search
> prefixes contains '/'
> But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there
> were no search prefixes with '/' in them.
> So no need to apply the patch in earlier versions.
Right, the patch applies but there's no vulnerability to be mitigated in the
first place. The issue was introduced in 5.12.0 with the search for "haswell/"
plugins.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Development
mailing list