Unsolved Qt and CVSS score for security flaws.
-
Hello everyone,
I recently got a chance to test my windows application built in Qt5.12.3 for vulnerabilities using Blackduck tool ( by Synopsis ).
A quick scan of my binaries gave me a list of known vulnerabilities - having high CVSS score - in a few Qt libaries and its dependent libraries.
Any idea on how Qt manages its security issues?
Does Qt follow any mechanism for fixing its security related issues or is there any forum where I can know how to fix these security issues ?Any information on this would be greatly helpful!
-
@DeepakH said in Qt and CVSS score for security flaws.:
I recently got a chance to test my windows application built in Qt5.12.3 for vulnerabilities
Qt 5.12.3 is almost 2 years old.
Please re-run your tests against Qt 5.12.10, which includes security fixes and bug fixes for Qt versions 5.12.3 to 5.12.9.
Any idea on how Qt manages its security issues?
Does Qt follow any mechanism for fixing its security related issues or is there any forum where I can know how to fix these security issues ?Here is the official security policy of the Qt Project: http://quips-qt-io.herokuapp.com/quip-0015-Security-Policy.html
-
Hi and welcome to devnet,
You have the details of their handling in QUIP15