[Development] [Announce] Security advisory: Freetype in Qt
Thiago Macieira
thiago.macieira at intel.com
Wed Jul 27 16:53:01 CEST 2022
On Wednesday, 27 July 2022 05:20:59 PDT Giuseppe D'Angelo via Development
wrote:
> Does this mean that the currently available opensource binary downloads
> (through the official installer) of Qt 5.15(.2) and 6.2 are affected by
> the CVE and will not get fixed?
>
> Should they just be removed from the online installers?
Follow the same rule as 6.1. If 6.1 is there, then so should 6.2 be. If that
one is not there, then remove 6.2 too.

There is sense in having access to historical, out-of-support and potentially
security-vulnerable software, so long as it's clear that is the case.

BTW, this is why we started the discussion on third-parties. If we had
freetype as a separate DLL, upgrading that one would solve the problem for
everything.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Cloud Software Architect - Intel DCAI Cloud Engineering