Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: QT CRIME vulnerability
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 2 Oct 2012 19:37:54 -0700

Hello Steve, all,

Qt has prepared a fix to the "CRIME" SSL/TLS attack by disabling
compression but I cannot find a CVE.

Some details can be found here
http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729 :
...
The git changes are as follows:
5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74
4.8: d41dc3e101a694dec98d7bbb582d428d209e5401
4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0

For older 4.x releases, the 4.7 patch is expected to work.
...

Some web links to the commits in question:

http://qt.gitorious.org/qt/qt/commit/3488f1db96dbf70bb0486d3013d86252ebf433e0
http://qt.gitorious.org/qt/qt/commit/d41dc3e101a694dec98d7bbb582d428d209e5401
http://qt.gitorious.org/qt/qtbase/commit/5ea896fbc63593f424a7dfbb11387599c0025c74


Please allocate a CVE for these fixes.

Thank you

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]