Bug#850954: CVE-2016-10040
Source: qtbase-opensource-src
Severity: important
Tags: security
Hi QT maintainers,
there was the following report on QXmlSimpleReader:
http://www.openwall.com/lists/oss-security/2016/12/24/2
Which upstream later later on labels as deprecated:
http://www.openwall.com/lists/oss-security/2017/01/09/1
There's probably not much we can do here, but I'd
be interested in QT maintainers opinion.
Maybe the next QT upload should simply add a note to the
changelog that it's unsupported. Do we have any notable
users of QXmlSimpleReader in stretch? Probably not.
Cheers,
Moritz
Reply to: