Details
-
Task
-
Resolution: Unresolved
-
Not Evaluated
-
None
-
5.12.0
-
None
Description
Recently a remote code execution vulnerability in Debian's and Ubuntu's package manager apt was reported. This was only possible because the insecure http is used for downloads.
As I was told, Qt's installers and MaintenanceTools also still use http for some packages. Instead, https should be used for downloading all metadata and packages.
Attachments
Issue Links
- is duplicated by
-
QTBUG-123621 Crash or rendering broken when changing tab while a download starts
- Reported