Description
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
qt6-base | fixed | 6.2.4+dfsg-4 | | package |
qtbase-opensource-src | fixed | 5.15.2+dfsg-15 | | package |
qtbase-opensource-src | fixed | 5.15.2+dfsg-9+deb11u1 | bullseye | package |
qtbase-opensource-src | ignored | | buster | package |
qtbase-opensource-src | not-affected | | stretch | package |
qtbase-opensource-src-gles | fixed | 5.15.4+dfsg-2 | | package |
qtbase-opensource-src-gles | no-dsa | | bullseye | package |
qtbase-opensource-src-gles | ignored | | buster | package |
Notes
https://codereview.qt-project.org/c/qt/qtbase/+/393113
https://codereview.qt-project.org/c/qt/qtbase/+/394914
https://codereview.qt-project.org/c/qt/qtbase/+/396020
https://github.com/qt/qtbase/commit/ab6915f0efb12cfe48d1f126f4a828212f853ce5 (v6.2.4)
https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
https://www.qt.io/blog/security-advisory-qprocess