oss-sec mailing list archives
CVE Request: QT CRIME vulnerability
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 2 Oct 2012 19:37:54 -0700
Hello Steve, all, Qt has prepared a fix to the "CRIME" SSL/TLS attack by disabling compression but I cannot find a CVE. Some details can be found here http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729 :
... The git changes are as follows: 5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74 4.8: d41dc3e101a694dec98d7bbb582d428d209e5401 4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0 For older 4.x releases, the 4.7 patch is expected to work. ...
Some web links to the commits in question: http://qt.gitorious.org/qt/qt/commit/3488f1db96dbf70bb0486d3013d86252ebf433e0 http://qt.gitorious.org/qt/qt/commit/d41dc3e101a694dec98d7bbb582d428d209e5401 http://qt.gitorious.org/qt/qtbase/commit/5ea896fbc63593f424a7dfbb11387599c0025c74 Please allocate a CVE for these fixes. Thank you
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: QT CRIME vulnerability Seth Arnold (Oct 02)
- Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 02)
- Re: CVE Request: QT CRIME vulnerability cve-assign (Oct 08)
- Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 02)