On Wednesday, 14 August 2019 00:59:39 CEST Thiago Macieira wrote: > On Tuesday, 13 August 2019 13:03:17 PDT Lisandro Damián Nicanor Pérez Meyer > > wrote: > > PDF libraries tend to be a common source of CVEs, so whichever library > > is used it should be certainly easy to update without the need of a > > third party acting as a proxy. > > That is also the biggest drawback with Poppler, so if PDFium does it better, > it's a nice advantage. > > Poppler only ships security fixes for the latest version, not any past > release. So if you are affected, unless you have the knowledge to backport a > fix, you have to upgrade to a release which may contain new features. > That is exactly the same Chromium does. Except we already put the work into backporting the fixes.
'Allan _______________________________________________ Development mailing list [email protected] https://lists.qt-project.org/listinfo/development
