[Development] [Announce] Security advisory: Freetype in Qt
Thiago Macieira
thiago.macieira at intel.com
Wed Jul 27 19:15:44 CEST 2022
On Wednesday, 27 July 2022 09:43:32 PDT Albert Astals Cid wrote:
> > 5.15:
> > https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff
>
> This patch doesn't seem to apply over the v5.15.5-lts-lgpl tag for me, can
> someone please double check in case I'm doing something wrong?
Looks like Freetype in the current 5.15 branch does not match what's in the
patch.
$ git show origin/5.15:src/3rdparty/freetype/docs/CHANGES | head -2
CHANGES BETWEEN 2.10.0 and 2.10.1
$ curl -sL https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff | \
    grep -A3 b/src/3rdparty/freetype/docs/CHANGES
diff --git a/src/3rdparty/freetype/docs/CHANGES b/src/3rdparty/freetype/docs/
CHANGES
index 3bd5291ae1..3ad7ec4333 100644
--- a/src/3rdparty/freetype/docs/CHANGES
+++ b/src/3rdparty/freetype/docs/CHANGES
@@ -1,4 +1,235 @@
-CHANGES BETWEEN 2.10.3 and 2.10.4
+CHANGES BETWEEN 2.12.0 and 2.12.1
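Review bot: the removed heading `CHANGES BETWEEN 2.10.3 and 2.10.4` at the top of this hunk ties the patch to a tree whose bundled CHANGES file already starts with that entry, and the `@@ -1,4 +1,235 @@` range that replaces it with the 2.12.0 to 2.12.1 heading reads as a version bump of the bundled copy rather than a narrow fix. The advisory should state the required base release next to the download link, so that a tree whose CHANGES file starts at a different heading is recognized as a mismatch before anyone tries to apply the patch.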
The patch was created on top of FreeType 2.10.3, while the branch has 2.10.1.
I repeat: stop using the bundled third party content unless you're willing to
update it yourself. In which case, you should simply update to 2.12.1 on your
own. Ignore the patches in the CVE.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Cloud Software Architect - Intel DCAI Cloud Engineering
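
Added example, not part of the original message or of Qt's tooling: a pre-flight check that automates the comparison done by hand above, reading the CHANGES heading the patch expects to remove and the heading actually present in the tree. The function names and the sample builder are hypothetical, and the sample patch is constructed from the output quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example: compare the FreeType release a patch was generated against
# with the release bundled in a source tree. Function names are hypothetical;
# CHANGES_PATH is the file inspected in the thread.
CHANGES_PATH=src/3rdparty/freetype/docs/CHANGES

# First "CHANGES BETWEEN" heading in the tree's copy of the file.
tree_heading() { grep -m1 '^CHANGES BETWEEN' "$1/$CHANGES_PATH"; }

# First *removed* "CHANGES BETWEEN" heading in the patch section for that file,
# i.e. the heading the patch expects to find in the tree before it is applied.
patch_heading() {
    awk -v hdr="--- a/$CHANGES_PATH" '
        $0 == hdr                      { in_file = 1; next }
        in_file && /^diff --git /      { exit }
        in_file && /^-CHANGES BETWEEN/ { print substr($0, 2); exit }
    ' "$1"
}

# Usage: check_patch_base PATCH TREE ; returns 0 only if the headings agree.
check_patch_base() {
    cpb_want=$(patch_heading "$1")
    cpb_have=$(tree_heading "$2")
    if [ -n "$cpb_want" ] && [ "$cpb_want" = "$cpb_have" ]; then
        echo "ok: tree and patch both start at '$cpb_have'"
        return 0
    fi
    echo "mismatch: patch expects '$cpb_want', tree has '$cpb_have'" >&2
    return 1
}

# Constructed sample input mirroring the output quoted in the thread.
make_sample() {   # $1 = scratch dir, $2 = heading to place in the tree
    mkdir -p "$1/tree/$(dirname "$CHANGES_PATH")"
    printf '\n%s\n' "$2" > "$1/tree/$CHANGES_PATH"
    cat > "$1/sample.diff" <<EOF
diff --git a/$CHANGES_PATH b/$CHANGES_PATH
--- a/$CHANGES_PATH
+++ b/$CHANGES_PATH
@@ -1,4 +1,235 @@
-CHANGES BETWEEN 2.10.3 and 2.10.4
+CHANGES BETWEEN 2.12.0 and 2.12.1
EOF
}
```

Call `check_patch_base <patch file> <qtbase checkout>` before applying a vendored-library patch. `git apply --check` remains the full test of whether every hunk applies.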