On Wednesday, 29 January 2020 08:10:23 PST Robert Loehning wrote: > [1] wasn't mentioned anywhere on qt.io and I didn't notice it on > [email protected], either. > > [2] was mentioned in a blog post, but I could not find any public steps > for reproducing the issue, so one cannot test whether their software is > vulnerable. > > Please correct me if I missed something.
That's because we're sloppy and haven't done a proper job. The security advisory was supposed to go out at the same time as the Qt 5.14.1 release announcement. But the release announcement went out without the security advisory. I asked that the people responsible for the Qt Project's website (which merged with the Qt Company's website a few years ago) to create a proper page for it, but it wasn't done. That means there's a notice out there that Qt 5.14.1 fixed CVE-2020-0570 but very few people have an idea of what that is about. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel System Software Products _______________________________________________ Development mailing list [email protected] https://lists.qt-project.org/listinfo/development
