[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1041104: qt6-base: CVE-2023-38197



El lunes, 17 de julio de 2023 16:25:20 -03 Dmitry Shachnev escribió:
> ¡Hola Lisandro!
> 
> On Mon, Jul 17, 2023 at 03:49:13PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> > El viernes, 14 de julio de 2023 18:38:45 -03 Moritz Mühlenhoff escribió:
> > > Source: qt6-base
> > > X-Debbugs-CC: team@security.debian.org
> > > Severity: important
> > > Tags: security
> > >
> > > Hi,
> > >
> > > The following vulnerability was published for qt6-base.
> > >
> > > CVE-2023-38197[0]:
> >
> > I have just tried to backport the cherry-pick of 6.5 to 6.4 but without
> > success. It requires more time and C++ knowledge I have right now I'm afraid
> > :-/
> 
> c216c3d9859a20b3aeec985512e89316423fc3a8 cherry-picks to 6.4 with only one
> conflict, in tst_qxmlstream.cpp. We don't run tests anyway so you could just
> ignore it.
> 
> Anyway, I rebased it and attaching a patch against 6.4 branch.

Problem comes at build time on line 118 on the patch you attached :-/ In fact I needed to add a header to make it work in 6.4.2 :-/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: