[Development] How do I fix a vulnerability in Qt. I forward the question to someone, or should I write the code myself?

Bruno Crocamo bruno.crocamo at gmail.com
Wed Jul 8 18:44:33 CEST 2020 

Hi Thiago. I made a mistake in writing. Where it reads "writing
functionality of Adobe Acrobat Pro DC 2017" read "*redaction* functionality
of Adobe Acrobat Pro DC 2017".

The link is also wrong / broken. Correct link:
*https://www.cyber.gov.au/acsc/view-all-content/publications/examination-redaction-functionality-adobe-acrobat-pro-dc-2017
<https://www.cyber.gov.au/acsc/view-all-content/publications/examination-redaction-functionality-adobe-acrobat-pro-dc-2017>*

PDF version of the article:
*https://www.cyber.gov.au/sites/default/files/2020-06/PROTECT%20-%20An%20Examination%20of%20the%20Redaction%20Functionality%20of%20Adobe%20Acrobat%20Pro%20DC%202017%20%28June%202020%29.pdf
<https://www.cyber.gov.au/sites/default/files/2020-06/PROTECT%20-%20An%20Examination%20of%20the%20Redaction%20Functionality%20of%20Adobe%20Acrobat%20Pro%20DC%202017%20%28June%202020%29.pdf>*

The image on page 8 of the article in the PDF version exemplifies the
issue: "Mapping order reflects order that characters first appear in text".

An organization may need to remove sensitive information from a PDF
document to share an ostentatious version. Adobe software is one way to do
this. However, depending on the program used to render the PDF, the removal
may fail in part due to the fact that the CMap object reflects the order in
which the characters appear in the text. This would be the case for PDF
documents generated using Qt.

I appreciate the quick response. I will read the wiki (
http://wiki.qt.io/Qt_Contribution_Guidelines).

thx,

Att,

Bruno


Em qua., 8 de jul. de 2020 às 13:23, Thiago Macieira <
thiago.macieira at intel.com> escreveu:

> On Wednesday, 8 July 2020 09:11:16 PDT Bruno Crocamo wrote:
> > But it is version 4.8.7. I ask
> > them, what would be the best way for the correction to be formally
> carried
> > out under Qt? I send the question to someone, specifically? Or should I
> set
> > up a development environment, within Qt standards, and send a commit? If
> I
> > have to do this, is there any step by step on how to contribute? Does the
> > contribution occur in the github environment? Or is another repository
> used?
>
> Hello Bruno
>
> The easiest for us is if you make a contribution to the Qt Project. We do
> not
> use GitHub. You can get started on contribution by reading this wiki:
>         http://wiki.qt.io/Qt_Contribution_Guidelines
>
> Please note that we'll require you to make the contribution to Qt 6 first
> and
> then your patch can be backported to 5.15 and, if you think it's relevant,
> to
> 5.12.
>
> It's not clear to me yet, despite reading the links you provided, what the
> issue is. When you write your commit, please explain in the commit message
> what the issue is and how your changes address them.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel System Software Products
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20200708/d480914a/attachment.html>

More information about the Development mailing list