Comment 21 for bug 1157732

Has lots of embedded copies in src/3rdparty, but the build doesn't show them as being build. It is a little scary though cause there is all kinds of sensitive stuff like webkit, freetype, libjpeg, libpng, etc. There is also a lot of code that isn't compiled in src/*. I didn't try, but it really only seems like only src/xmlpatterns is compiled. In light of that, xmlpatterns is actually already supported via qt4-x11. This is just a version bump so it doesn't need a full security audit.

That said, conditional ACK provided we try to clean up the source tarball to remove all that extra stuff so we don't accidentally end up with an embedded copy copied that gets compiled which later could have a security vulnerability.