Re: [Interest] Glib vulnerability on QT 5.6.3 dependency
Thanks for your mail. Sorry got the version wrong. Meant to upgrade from the existing version of 2.52.3 to version higher than 2.60.4 and above. Also in the plan to upgrade to latest Qt 6 though we are yet to decide to move from the existing qtwebkit module to Qtwebengine. On Thu, Jan 7, 2021 at 5:15 PM Thiago Macieira wrote: > On Thursday, 7 January 2021 03:15:41 -03 Ramakanth Kesireddy wrote: > > A vulnerability is found with the glib version 2.52.3 as > > https://nvd.nist.gov/vuln/detail/CVE-2019-12450. > > > > Is it recommended to upgrade the glib version to 2.8.3 or look for any > > patch with the existing version or ignore the CVE? > > First, 52 > 8, so your question makes absolutely no sense. > > Second, 2.58 is not the latest stable version of glib, 2.66 is. You should > consider upgrading to that. > > Third, you should always upgrade your components to avoid security issues. > Don't let your system get too old. Like running Qt 5.6. > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel DPG Cloud Engineering > > > > ___ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Glib vulnerability on QT 5.6.3 dependency
On Thursday, 7 January 2021 03:15:41 -03 Ramakanth Kesireddy wrote: > A vulnerability is found with the glib version 2.52.3 as > https://nvd.nist.gov/vuln/detail/CVE-2019-12450. > > Is it recommended to upgrade the glib version to 2.8.3 or look for any > patch with the existing version or ignore the CVE? First, 52 > 8, so your question makes absolutely no sense. Second, 2.58 is not the latest stable version of glib, 2.66 is. You should consider upgrading to that. Third, you should always upgrade your components to avoid security issues. Don't let your system get too old. Like running Qt 5.6. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
[Interest] Glib vulnerability on QT 5.6.3 dependency
Hi, Am using Qt 5.6.3 widgets on embedded Linux through yocto recipes which depends on libglib-2.0. The modules being used by our single threaded application are core,gui,widgets and printsupport. Our usecases incase of QT involve c++ widgets with stylesheet with QStackedlayout and signals/slots and QTimers. A vulnerability is found with the glib version 2.52.3 as https://nvd.nist.gov/vuln/detail/CVE-2019-12450. Is it recommended to upgrade the glib version to 2.8.3 or look for any patch with the existing version or ignore the CVE? Please let me know your feedback in this regard. Thanks and Regards, Ramakanth ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest