[Bug 191218] Re: [qt4] [CVE-2007-5965] error in handling certificate verification in SSL connections
Launchpad Bug Tracker
191218 at bugs.launchpad.net
Wed Feb 20 14:03:22 UTC 2008
This bug was fixed in the package qt4-x11 - 4.3.2-0ubuntu3.2
---------------
qt4-x11 (4.3.2-0ubuntu3.2) gutsy-security; urgency=low
* SECURITY UPDATE: a potential vulnerability in QSslSocket, which
might cause a certificate verification in SSL connections not to
be performed. As a consequence, code using QSslSocket might be
misled into thinking the certificate was verified correctly when
it actually failed in one or more criteria.
* Added kubuntu_02_qsslsocket_verification.dpatch from
http://www.trolltech.com/developer/download/190133.patch: ensure
certificates are verified. (Fixes LP: #191218)
* References
http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
CVE-2007-5965
-- Jonathan Riddell <jriddell at ubuntu.com> Wed, 20 Feb 2008 00:26:45
+0000
** Changed in: qt4-x11 (Ubuntu Gutsy)
Status: New => Fix Released
--
[qt4] [CVE-2007-5965] error in handling certificate verification in SSL connections
https://bugs.launchpad.net/bugs/191218
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for qt4-x11 in ubuntu.
More information about the kubuntu-bugs
mailing list