[Interest] Glib vulnerability on QT 5.6.3 dependency
Ramakanth Kesireddy
rama.kesi at gmail.com
Thu Jan 7 14:26:12 CET 2021
Thanks for your mail.
Sorry got the version wrong. Meant to upgrade from the existing version
of 2.52.3 to version higher than 2.60.4 and above.
Also in the plan to upgrade to latest Qt 6 though we are yet to decide to
move from the existing qtwebkit module to Qtwebengine.
On Thu, Jan 7, 2021 at 5:15 PM Thiago Macieira <thiago.macieira at intel.com>
wrote:
> On Thursday, 7 January 2021 03:15:41 -03 Ramakanth Kesireddy wrote:
> > A vulnerability is found with the glib version 2.52.3 as
> > https://nvd.nist.gov/vuln/detail/CVE-2019-12450.
> >
> > Is it recommended to upgrade the glib version to 2.8.3 or look for any
> > patch with the existing version or ignore the CVE?
>
> First, 52 > 8, so your question makes absolutely no sense.
>
> Second, 2.58 is not the latest stable version of glib, 2.66 is. You should
> consider upgrading to that.
>
> Third, you should always upgrade your components to avoid security issues.
> Don't let your system get too old. Like running Qt 5.6.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel DPG Cloud Engineering
>
>
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20210107/3ab074a6/attachment.html>
More information about the Interest
mailing list