Unsolved Qt and OpenSSL Vulnerabilities Impact on Qt Installer Framework
-
One of my Qt Installer Framework (version 4.1.1) projects found some Qt and OpenSSL vulnerabilities in security scans.
Hopefully someone will tell me if they affect my installation package.
The following are the CVE numbers of these vulnerabilities.
qt 5.12.7:
CVE-2020-24742
CVE-2021-38593
openssl 1.1.1d:
CVE-2019-1551
CVE-2020-1967
CVE-2020-1971
CVE-2021-23841
CVE-2021-23840
CVE-2021-3449
CVE-2021-3711
CVE-2021-3712
-
@lck2000 This is a user forum. You should ask on the Qt developers mailing list.
-
I think the research bit is on your shoulders here.
What I can definitely say: upgrade asap! Using old OpenSSL is never a good idea! OpenSSL 1.1.1d is from September 2019.
And your Qt version is outdated, too. Newest release in 5.12 branch is 5.12.11.
-
@jsulm Thank you, I will do that.
-
@sierdzio But the Qt Installer Framework I use relies on these, and I haven't found a way to update them yet.
-
@lck2000 said in Qt and OpenSSL Vulnerabilities Impact on Qt Installer Framework:
@sierdzio But the Qt Installer Framework I use relies on these, and I haven't found a way to update them yet.
You can recompile Qt Installer Framework yourself. It's not a convenient solution, I know.