[Secure-testing-team] Bug#850954: CVE-2016-10040
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 11 15:44:48 UTC 2017
Source: qtbase-opensource-src
Severity: important
Tags: security
Hi QT maintainers,
there was the following report on QXmlSimpleReader:
http://www.openwall.com/lists/oss-security/2016/12/24/2
Which upstream later later on labels as deprecated:
http://www.openwall.com/lists/oss-security/2017/01/09/1
There's probably not much we can do here, but I'd
be interested in QT maintainers opinion.
Maybe the next QT upload should simply add a note to the
changelog that it's unsupported. Do we have any notable
users of QXmlSimpleReader in stretch? Probably not.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list