  1. Qt
  2. QTBUG-75358

Request libpng 1.6.37 included in QT 5.13 RC version to fix third party vulnerability

    Details

    • Commits:
      2e8005765d6513c4743a939aea97c68427f6ab2c

      Description

      Our OEM's scan of one MP product found that the AMD driver, which includes QT 5.11.0, has new third-party vulnerabilities, as below.

      | Component | Version | CVE | Fixed | QT 5.11.0 | QT 5.13 beta2 | Fix plan |
      |---|---|---|---|---|---|---|
      | libpng | 1.6.34 | CVE-2018-14048 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |
      | libpng | 1.6.34 | CVE-2018-13785 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |

      We observed that Qt 5.13 Beta2 is available and lists libpng 1.6.36; this version does not include this vulnerability fix (libpng 1.6.37).

      We will push migration to the Qt 5.13.0 Release version as a roadmap item for a future AMD driver.

      Could you help us push your internal team to update the third-party libpng to 1.6.37?

      That can fix this third-party vulnerability issue in a future AMD driver.

            People

            • Assignee:
              vgt Eirik Aavitsland
              Reporter:
              jingwen Jingwen Zhu