[Development] [Announce] Security advisory: Freetype in Qt

Giuseppe D'Angelo giuseppe.dangelo at kdab.com
Wed Jul 27 20:47:20 CEST 2022


On 27/07/22 16:53, Thiago Macieira wrote:
> On Wednesday, 27 July 2022 05:20:59 PDT Giuseppe D'Angelo via Development
> wrote:
>> Does this mean that the currently available opensource binary downloads
>> (through the official installer) of Qt 5.15(.2) and 6.2 are affected by
>> the CVE and will not get fixed?
>>
>> Should they just be removed from the online installers?
> Follow the same rule as 6.1. If 6.1 is there, then so should 6.2 be. If that
> one is not there, then remove 6.2 too.
> 
> There is sense in having access to historical, out-of-support and potentially
> security-vulnerable software, so long as it's clear that is the case.

Right now, if one selects "LTS" and "Latest releases" (and *not* 
"Archive"), one gets

* 6.3.1
* 6.2.4
* 5.15.2

all of which are bugged AFAICT?

Thanks,

-- 
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts