Your message dated Wed, 14 Mar 2018 15:50:52 -0300
with message-id <2021727.dg2qGaEvQ5@tonks>
and subject line Mark as done
has caused the Debian Bug report #850954,
regarding CVE-2016-10040
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
850954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850954
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src
Severity: important
Tags: security
Hi QT maintainers,
there was the following report on QXmlSimpleReader:
http://www.openwall.com/lists/oss-security/2016/12/24/2
Which upstream later on labels as deprecated:
http://www.openwall.com/lists/oss-security/2017/01/09/1
There's probably not much we can do here, but I'd
be interested in QT maintainers' opinion.
Maybe the next QT upload should simply add a note to the
changelog that it's unsupported. Do we have any notable
users of QXmlSimpleReader in stretch? Probably not.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Version: 5.7.1+dfsg-3
I can't find any reference to this CVE being present in Qt 5. If it has ever
been there it should have been solved in 5.5. Marking as fixed in 5.7.1
(stable), but of course if someone can prove this is not valid please reopen.
The code has changed quite a lot since 5.5 though...
--
"A computer is like an air conditioner. It stops working when you open
windows."
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
--- End Message ---