In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qt | Qt | 5.9.0 (including) | 5.15.9 (excluding) |
| Qt | Qt | 6.0.0 (including) | 6.2.4 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | qt5-0:5.15.3-1.el8 | * |
| Red Hat Enterprise Linux 9 | RedHat | qt5-0:5.15.3-1.el9 | * |
| Qt6-base | Ubuntu | kinetic | * |
| Qt6-base | Ubuntu | lunar | * |
| Qt6-base | Ubuntu | mantic | * |
| Qt6-base | Ubuntu | oracular | * |
| Qt6-base | Ubuntu | plucky | * |
| Qt6-base | Ubuntu | trusty | * |
| Qt6-base | Ubuntu | xenial | * |
| Qtbase-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtbase-opensource-src | Ubuntu | focal | * |
| Qtbase-opensource-src | Ubuntu | impish | * |
| Qtbase-opensource-src | Ubuntu | trusty | * |
| Qtbase-opensource-src | Ubuntu | upstream | * |
| Qtbase-opensource-src | Ubuntu | xenial | * |
References
- https://codereview.qt-project.org/c/qt/qtbase/+/393113
- https://codereview.qt-project.org/c/qt/qtbase/+/394914
- https://codereview.qt-project.org/c/qt/qtbase/+/396020
- https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
- https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
- https://codereview.qt-project.org/c/qt/qtbase/+/393113
- https://codereview.qt-project.org/c/qt/qtbase/+/394914
- https://codereview.qt-project.org/c/qt/qtbase/+/396020
- https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
- https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff