On Wednesday, 29 January 2020 08:10:23 PST Robert Loehning wrote:
> [1] wasn't mentioned anywhere on qt.io and I didn't notice it on
> [email protected], either.
> 
> [2] was mentioned in a blog post, but I could not find any public steps
> for reproducing the issue, so one cannot test whether their software is
> vulnerable.
> 
> Please correct me if I missed something.

That's because we're sloppy and haven't done a proper job. The security 
advisory was supposed to go out at the same time as the Qt 5.14.1 release 
announcement. But the release announcement went out without the security 
advisory. I asked that the people responsible for the Qt Project's website 
(which merged with the Qt Company's website a few years ago) to create a 
proper page for it, but it wasn't done.

That means there's a notice out there that Qt 5.14.1 fixed CVE-2020-0570 but 
very few people have an idea of what that is about.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products



_______________________________________________
Development mailing list
[email protected]
https://lists.qt-project.org/listinfo/development

Reply via email to