On Wednesday, 7 May 2025 14:16:08 Central European Summer Time Schimkowitsch Robert wrote: > Regarding CVE-2025-4211, “Improper Link Resolution Before File Access in > QFileSystemEngine”, could someone elaborate what public APIs are affected? > The mentioned QFileSystemEngine is not a public API, so which public APIs > use it internally? Since the issue mentions GetTempPath, which sounds like > it would only affect usages that are related to temporary files and > folders. Is this assessment correct?
We should have mentioned this on the disclosure... The front-end is QDir::tempPath(). Also affects anything using that behind the scenes too, of which there is a lot, like QStandardPaths with TempLocation, QTemporaryDir, QTemporaryFile. -- Thiago Macieira - thiago.macieira (AT) intel.com Principal Engineer - Intel DCAI Platform & System Engineering
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
