Backport PR 21364 into 4.6.x

[nazar-pc]

#21364

Can we get this backported to v4.6.x branch given its security nature? Due to v5.0 requirements for Qt, new versions are not available in Ubuntu 24.04 (#21608 (comment)). I believe because of this, it warrants having security release for older branch. Leaving 24.04 out of support feels kinda cheap consider this is current LTS and released just few months ago.

Originally posted by @proton-ab in #21364 (comment)

[stalkerok]

No.
IMO, Sharp Security's dirty PR at the expense of exaggerating a non-existent issue. Has nothing to do with security.

[ArcticGems]

No. IMO, Sharp Security's dirty PR at the expense of exaggerating a non-existent issue. Has nothing to do with security.

So Sharp Security's findings are wrong???

[nazar-pc]

This is not the right place to debate whether the issue is real or not. The issue is quite obviously real and significant, or else it wouldn't be fixed.

The only remaining question is whether maintainers will backport the fix for Ubuntu LTS and similar distros or not. I personally hope they do, hence the issue, but it is up to them of course.

[stalkerok]

So Sharp Security's findings are wrong???

The findings are very much exaggerated to make a name for themselves.

The issue is quite obviously real and significant, or else it wouldn't be fixed.

It's not significant.
You want security? Don't use the internet and don't download anything via torrent.

[xavier2k6]

@sledgehammer999 Please contribute when free.