CVE-2010-5076
Published: 29 June 2012
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 11.04 and higher not affected |
Priority
Status
Package | Release | Status |
---|---|---|
qt4-x11 | hardy | Ignored (end of life) |
qt4-x11 | lucid | Released (4:4.6.2-0ubuntu5.4) |
qt4-x11 | natty | Not vulnerable (4:4.7.2-0ubuntu6.3) |
qt4-x11 | oneiric | Not vulnerable |
qt4-x11 | precise | Not vulnerable |
qt4-x11 | upstream | Released (4:4.7.2) |

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2012-0880.html
other: https://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
other: https://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e