Bug#850954: CVE-2016-10040

To: 850954@bugs.debian.org
Subject: Bug#850954: CVE-2016-10040
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 11 Jan 2017 22:09:25 +0100
Message-id: <[🔎] 20170111210925.wrwbjiotvfz5c5iz@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 850954@bugs.debian.org
In-reply-to: <[🔎] 1561319.G2CQHpJD4i@tonks>
References: <[🔎] 148414948834.6998.12223844074535114656.reportbug@hullmann.westfalen.local> <[🔎] 1561319.G2CQHpJD4i@tonks>

Lisandro Damián Nicanor Pérez Meyer wrote:
> > Maybe the next QT upload should simply add a note to the
> > changelog that it's unsupported. Do we have any notable
> > users of QXmlSimpleReader in stretch? Probably not.
> 
> I'm afraid we do:
> 
> <https://codesearch.debian.net/search?q=include+%3CQXmlSimpleReader
> %3E&perpkg=1>
> 
> Granted, we need to distinguish between Qt4 and Qt5 users of it.
> 
> What's not clear to me from Thiago's mail is if this bug is still present in 
> Qt >= 5.5 or he's referring to another corner case.

No idea, but it sounds to me as if that's still in 5.5 since the
class is more or less unmaintained.

Cheers,
        Moritz

Reply to:

References:
- Bug#850954: CVE-2016-10040
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Bug#850954: CVE-2016-10040
  - From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

Prev by Date: Processed: your mail
Next by Date: Bug#846389: plasma-workspace: random plasmashell freezes
Previous by thread: Processed: Re: Bug#850954: CVE-2016-10040
Next by thread: Processing of qtbase-opensource-src_5.7.1+dfsg-3_source.changes
Index(es):
- Date
- Thread