CVE-2020-0569

Priority
Description
QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain
plugins first in the current working directory of the application, which
allows an attacker who can place files in the file system and influence the
working directory of Qt-based applications to load and execute malicious code.
This issue was verified on macOS and Linux and probably affects all other Unix
operating systems. This issue does not affect Windows.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (5.12.5+dfsg-8)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (5.5.1+dfsg-16ubuntu7.7)
Ubuntu 18.04 LTS (Bionic Beaver): released (5.9.5+dfsg-0ubuntu2.5)
Ubuntu 19.10 (Eoan Ermine): released (5.12.4+dfsg-4ubuntu1.1)
Ubuntu 20.04 (Focal Fossa): not-affected (5.12.5+dfsg-8)
Patches:
Upstream: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404 (5.6.0 to 5.13.2)
Upstream: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d (5.0.0 to 5.5.1)
More Information

Updated: 2020-02-10 15:15:24 UTC (commit e2b80aba94d218c7417082d5acfc48647f8445c7)