[Development] [Announce] Security advisory: Freetype in Qt

Andy Shaw andy.shaw at qt.io
Wed Jul 27 15:21:38 CEST 2022


The existing pre-built versions of 5.15 and 6.2 will have this problem yes, but I don’t know what the plan would be for releasing an update one in these cases though. That would be down to the release team to comment on.

Kind regards,

-----Original Message-----
From: Development <development-bounces at qt-project.org> On Behalf Of Giuseppe D'Angelo via Development
Sent: Wednesday, July 27, 2022 2:21 PM
To: development at qt-project.org
Subject: Re: [Development] [Announce] Security advisory: Freetype in Qt


Il 27/07/22 14:00, List for announcements regarding Qt releases and development via Development ha scritto:
> These effects configurations of Qt that have been built against the bundled version of FreeType. If you are using a pre-built version of Qt then this will be using the bundled version of FreeType by default, otherwise you will be using the system version by default, in which case you should check if the system needs to be updated or not. If the system needs to be updated, then updating it is enough to solve the issue. There is no need to rebuild Qt in that case.

Does this mean that the currently available opensource binary downloads 
(through the official installer) of Qt 5.15(.2) and 6.2 are affected by 
the CVE and will not get fixed?

Should they just be removed from the online installers?

Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts

More information about the Development mailing list