oss-sec mailing list archives
Re: Qt SSL endless loop
From: Vincent Danen <vdanen () redhat com>
Date: Fri, 16 Jul 2010 16:29:26 -0600
* [2010-07-16 11:19:09 -0400] Josh Bressers wrote:

> Please use CVE-2010-2533

Wasn't this already assigned CVE-2010-2621?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621

It links to the same advisory (qtsslame-adv.txt) and that only seems to be reporting one single problem.

> ----- "Ludwig Nussel" <ludwig.nussel () suse de> wrote:
>
> > Raphael Geissert wrote:
> > > [...]
> > > He also reported another vulnerability in Qt4's SSL support:
> > > http://aluigi.altervista.org/adv/qtsslame-adv.txt
> > >
> > > (reported to the Debian maintainers in http://bugs.debian.org/587711)
> > >
> > > Could a CVE be assigned for this other issue too?
> >
> > Looks like the request got lost. The fix seems to be
> > http://qt.gitorious.org/qt/qt/commit/f7fe575bc5f628533aeeca3eb564af89a1a1426b
> >
> > According to the Mumble author this fix causes a regression with
> > peer certificate validation when used with openssl >= 0.9.8n though:
> > http://sourceforge.net/mailarchive/forum.php?thread_name=4C3F8BC6.9030303%40natvig.com&forum_name=mumble-packaging
> > http://bugreports.qt.nokia.com/browse/QTBUG-7200

--
Vincent Danen / Red Hat Security Response Team