[Development] How do I fix a vulnerability in Qt. I forward the question to someone, or should I write the code myself?

Bruno Crocamo bruno.crocamo at gmail.com
Wed Jul 8 18:11:16 CEST 2020


Hello. My name is Bruno and I would like to get guidance for a correction
in Qt.

An Australian government article pointed to a vulnerability in the writing
functionality of Adobe Acrobat Pro DC 2017 (
https://www.cyber.gov.au/acsc/view-all-content/publications/examination-redaction-functionality-adobe-acrobat
-pro-dc-2017).

The vulnerability refers to the values of CMap objects ordered in order to
reproduce parts of text. The vulnerability is present in Qt.

I think it would be a good idea to make a correction in Qt. I wrote a
correction for the wkhtmltopdf project (
https://github.com/wkhtmltopdf/qt/pull/47). But it is version 4.8.7. I ask
them, what would be the best way for the correction to be formally carried
out under Qt? I send the question to someone, specifically? Or should I set
up a development environment, within Qt standards, and send a commit? If I
have to do this, is there any step by step on how to contribute? Does the
contribution occur in the github environment? Or is another repository used?

I thank the attention,

hugs,

Bruno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20200708/d53b568a/attachment.html>


More information about the Development mailing list