  1. Qt
  2. QTBUG-75358

Request libpng 1.6.37 included in QT 5.13 RC version to fix third party vulnerability

Details

    • 2e8005765d6513c4743a939aea97c68427f6ab2c

    Description

      Our OEM one MP produce scan AMD driver include QT 5.11.0 have new third-party vulnerability as below.

      | Component | Version | CVE | Fixed | QT 5.11.0 | QT 5.13 beta2 | Fix plan |
      |---|---|---|---|---|---|---|
      | libpng | 1.6.34 | CVE-2018-14048 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |
      | libpng | 1.6.34 | CVE-2018-13785 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |

      We observed that Qt 5.13 Beta2 is available and lists libpng 1.6.36; this version does not include this vulnerability fix (libpng 1.6.37).

      We will push Qt 5.13.0 release version migration as a roadmap item for a future AMD driver.

      Could you help us push your internal team to update the third-party libpng to 1.6.37?

      That can fix this third-party vulnerability issue in a future AMD driver.

          People

            vgt Eirik Aavitsland
            jingwen Jingwen Zhu