Our OEM one MP produce scan AMD driver include QT 5.11.0 have new third-party vulnerability as below.
|Component||Version||CVE||Fixed||QT 5.11.0||QT 5.13 beta2||Fix plan|
|libpng||1.6.34||CVE-2018-14048||1.6.37||1.6.35||1.6.36||QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases.|
|libpng||1.6.34||CVE-2018-13785||1.6.37||1.6.35||1.6.36||QT 5.13 beta2 will not have this fix, need to plan for another migration in upcoming releases.|
We observed, Qt 5.13 Beta2 is available which is listing libpng 1.6.36, this version does not include this vulnerability fix (libpng 1.6.37).
We will push Qt 5.13.0 Release version migration as roadmap item for in AMD future driver.
Could you help us push your internal team to update the third party libpng to 1.6.37?
That can fix this third-party vulnerability issue in AMD future driver.