Qt / QTBUG-75358

Request libpng 1.6.37 be included in Qt 5.13 RC version to fix third-party vulnerability


    • 2e8005765d6513c4743a939aea97c68427f6ab2c

      One of our OEM's MP product scans shows the AMD driver, which includes Qt 5.11.0, has new third-party vulnerabilities, as below.

      | Component | Version | CVE | Fixed | QT 5.11.0 | QT 5.13 beta2 | Fix plan |
      |---|---|---|---|---|---|---|
      | libpng | 1.6.34 | CVE-2018-14048 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |
      | libpng | 1.6.34 | CVE-2018-13785 | 1.6.37 | 1.6.35 | 1.6.36 | QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases. |

      We observed that Qt 5.13 Beta2 is available and lists libpng 1.6.36; this version does not include this vulnerability fix (libpng 1.6.37).

      We will push migration to the Qt 5.13.0 Release version as a roadmap item for a future AMD driver.

      Could you help us push your internal team to update the third-party libpng to 1.6.37?

      That can fix this third-party vulnerability issue in a future AMD driver.


            vgt Eirik Aavitsland
            jingwen Jingwen Zhu