[Development] WebSocket Module [CVE-2018-21035]
marten.nordheim at qt.io
Mon Mar 9 15:34:43 CET 2020
On 09.03.2020 13:06, Sze Howe Koh wrote:
> On Mon, 9 Mar 2020 at 19:11, <enstone83 at gmail.com> wrote:
>> I provided a patch for CVE-2018-21035, present in Qt5 WebSocket Module.
>> However apparently since the patch adds a new API it cannot go into Qt5.
>> This vulnerability makes the Qt5 WebSocket module totally unusable for
>> use in a non-trusted environment (like the Internet).
>> Is there anything to do about it?
> I suggest escalating this to the Security team for their attention
> (see https://quips-qt-io.herokuapp.com/quip-0015-Security-Policy.html).
> On a related note, is Kurt Pattyn still the Maintainer for Qt
> WebSockets? He has been quiet on codereview.qt.io since May 2014
> and on GitHub since Feb 2019.
Yes, Kurt still has the role.