Opened 23 months ago
Closed 22 months ago
#16682 closed enhancement (fixed)
qt5-5.15.5
Reported by: | Bruce Dubbs | Owned by: | pierre |
---|---|---|---|
Priority: | normal | Milestone: | 11.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version. Now released to open source.
Change History (7)
comment:1 by , 23 months ago
Summary: | qt-5.15.5 → qt5-5.15.5 |
---|
comment:2 by , 23 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 22 months ago
I've used the same procedure as in ticket #16549 for generating the patchset, except another module needs to be "deinitied":
git submodule deinit qtquick3dphysics
Of course the "git diff" command has to be changed to:
git diff v5.15.5-lts-lgpl..origin/kde/5.15 --submodule=diff > /path/to/patch
comment:4 by , 22 months ago
The file qtbase/src/gui/painting/qpaintengineex.cpp has been modified at commit 6d887717b9 in the repository maintained by kde folks, after the change above, so the sed is not needed, and the CVE should be considered as fixed.
comment:7 by , 22 months ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Advisory committed at ac5b25a of the www repository.
From Ken's mail:
I have no idea if 5.15.5 includes anything useful compared to 5.15.4, but in paid-for 5.15.6 there is a fix for https://nvd.nist.gov/vuln/detail/CVE-2021-38593 with an individual patch at fedora https://src.fedoraproject.org/rpms/qt5-qtbase/blob/rawhide/f/qtbase-everywhere-src-5.15.4-cve-2021-38593.patch and presumably in current kf5.15.
And Bruce proposes this sed:
In Ken's mail, there is also a reference to this qt6 commit: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c, which looks like the same change...
Anyway, it looks like qpaintengineex.cpp is already heavily patched in the kf5 patch, so not sure whether this should be applied.