clone 850954 -1 reassign -1 qt4-x11 4:4.8.2+dfsg-11 thanks On miércoles, 11 de enero de 2017 16:44:48 ART Moritz Muehlenhoff wrote: > Source: qtbase-opensource-src > Severity: important > Tags: security > > Hi QT maintainers,
Hi Moritz! > there was the following report on QXmlSimpleReader: > http://www.openwall.com/lists/oss-security/2016/12/24/2 > > Which upstream later later on labels as deprecated: > http://www.openwall.com/lists/oss-security/2017/01/09/1 > > There's probably not much we can do here, but I'd > be interested in QT maintainers opinion. Thanks a lot for putting this into our attention! The first thing here is to note that this bug seems to be present in Qt4 too so I'm cloning the bug. > Maybe the next QT upload should simply add a note to the > changelog that it's unsupported. Do we have any notable > users of QXmlSimpleReader in stretch? Probably not. I'm afraid we do: <https://codesearch.debian.net/search?q=include+%3CQXmlSimpleReader %3E&perpkg=1> Granted, we need to distinguish between Qt4 and Qt5 users of it. What's not clear to me from Thiago's mail is if this bug is still present in Qt >= 5.5 or he's referring to another corner case. Can you clarify this? -- 1: Una computadora sirve: * Para tratar de dominar el mundo, un caso conocido de esto fue el de Skinet Damian Nadales http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/
signature.asc
Description: This is a digitally signed message part.
