Bug#850954: CVE-2016-10040
Lisandro Damián Nicanor Pérez Meyer wrote:
> > Maybe the next QT upload should simply add a note to the
> > changelog that it's unsupported. Do we have any notable
> > users of QXmlSimpleReader in stretch? Probably not.
>
> I'm afraid we do:
>
> <https://codesearch.debian.net/search?q=include+%3CQXmlSimpleReader
> %3E&perpkg=1>
>
> Granted, we need to distinguish between Qt4 and Qt5 users of it.
>
> What's not clear to me from Thiago's mail is if this bug is still present in
> Qt >= 5.5 or he's referring to another corner case.
No idea, but it sounds to me as if that's still in 5.5 since the
class is more or less unmaintained.
Cheers,
Moritz
Reply to: