Hi again...

On Thu, 30 Jan 2020 at 12:43, Lisandro Damián Nicanor Pérez Meyer <[email protected]> wrote:
>
> Hit Enter too fast...
>
> On Thu, 30 Jan 2020 at 12:39, Lisandro Damián Nicanor Pérez Meyer
> <[email protected]> wrote:
> [snip]
> > I'm attaching the stretch debdiff.
>
> In this case only one CVE applies. I wanted to prepare a MR on the
> security tracker for this too, but it has been forking the repo for
> more than 5' already...
>
> So I'm adding more info here:
>
> - CVE-2020-0569.diff applies to all Qt 5 versions (except gles
> variants) *and* also qt4-x11.
> - CVE-2020-0570.diff only applies to buster, testing and sid Qt5's versions.
I'm afraid I was confused here, I think due to upstream's affected ranges.

- CVE-2020-0569.diff applies to all Qt 5 versions (except gles variants)
- CVE-2020-0570.diff, according to upstream, is said to affect only 5.12
  onwards. But I've found the code also applies to 5.7 and even to qt4. I have
  just asked upstream to re check this.

Cheers, Lisandro.

--
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

--
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-talk
