clone 850954 -1
reassign -1 qt4-x11 4:4.8.2+dfsg-11
thanks
On miércoles, 11 de enero de 2017 16:44:48 ART Moritz Muehlenhoff wrote:
> Source: qtbase-opensource-src
> Severity: important
> Tags: security
>
> Hi QT maintainers,
Hi Moritz!
> there was the following report on QXmlSimpleReader:
> http://www.openwall.com/lists/oss-security/2016/12/24/2
>
> Which upstream later later on labels as deprecated:
> http://www.openwall.com/lists/oss-security/2017/01/09/1
>
> There's probably not much we can do here, but I'd
> be interested in QT maintainers opinion.
Thanks a lot for putting this into our attention! The first thing here is to
note that this bug seems to be present in Qt4 too so I'm cloning the bug.
> Maybe the next QT upload should simply add a note to the
> changelog that it's unsupported. Do we have any notable
> users of QXmlSimpleReader in stretch? Probably not.
I'm afraid we do:
<https://codesearch.debian.net/search?q=include+%3CQXmlSimpleReader
%3E&perpkg=1>
Granted, we need to distinguish between Qt4 and Qt5 users of it.
What's not clear to me from Thiago's mail is if this bug is still present in
Qt >= 5.5 or he's referring to another corner case.
Can you clarify this?
--
1: Una computadora sirve:
* Para tratar de dominar el mundo, un caso conocido de esto fue el de
Skinet
Damian Nadales
http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
Attachment:
signature.asc
Description: This is a digitally signed message part.