[Development] [Announce] Security advisory: Freetype in Qt

Thiago Macieira thiago.macieira at intel.com
Wed Jul 27 16:53:01 CEST 2022

On Wednesday, 27 July 2022 05:20:59 PDT Giuseppe D'Angelo via Development 
> Does this mean that the currently available opensource binary downloads
> (through the official installer) of Qt 5.15(.2) and 6.2 are affected by
> the CVE and will not get fixed?
> Should they just be removed from the online installers?

Follow the same rule as 6.1. If 6.1 is there, then so should 6.2 be. If that 
one is not there, then remove 6.2 too.

There is sense in having access to historical, out-of-support and potentially 
security-vulnerable software, so long as it's clear that is the case.

BTW, this is why we started the discussion on third-parties. If we had 
freetype as a separate DLL, upgrading that one would solve the problem for 

Thiago Macieira - thiago.macieira (AT) intel.com
  Cloud Software Architect - Intel DCAI Cloud Engineering

More information about the Development mailing list