On 30/01/20 17:16, Lisandro Damián Nicanor Pérez Meyer wrote:
Hi Thiago!
On Wed, 29 Jan 2020 at 22:19, Thiago Macieira <[email protected]> wrote:
[snip]
Issue 2) CVE-2020-0570
Score: 7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
* Vendor: Qt Project
* Product: Qt
* Versions affected: 5.12.0 through 5.14.0
I actually found that the patch applies to 5.7, and even qt4 with the
proper modifications. Is there something else in the code that limits
the affected version or maybe it does affects older versions too?
The patch just make sure that we don't do wrong call when the search prefixes
contains '/'
But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there were
no search prefixes with '/' in them.
So no need to apply the patch in earlier versions.
--
Olivier
_______________________________________________
Development mailing list
[email protected]
https://lists.qt-project.org/listinfo/development
