oss-sec mailing list archives
Re: Qt SSL endless loop
From: Josh Bressers <bressers () redhat com>
Date: Fri, 16 Jul 2010 11:19:09 -0400 (EDT)
Please use CVE-2010-2533
Thanks.
--
JB
----- "Ludwig Nussel" <ludwig.nussel () suse de> wrote:
Raphael Geissert wrote:[...] He also reported another vulnerability in Qt4's SSL support: http://aluigi.altervista.org/adv/qtsslame-adv.txt (reported to the Debian maintainers inhttp://bugs.debian.org/587711)Could a CVE be assigned for this other issue too?Looks like the request got lost. The fix seems to be http://qt.gitorious.org/qt/qt/commit/f7fe575bc5f628533aeeca3eb564af89a1a1426b According to the Mumble author this fix causes a regression with peer certificate validation when used with openssl >= 0.9.8n though: http://sourceforge.net/mailarchive/forum.php?thread_name=4C3F8BC6.9030303%40natvig.com&forum_name=mumble-packaging http://bugreports.qt.nokia.com/browse/QTBUG-7200 cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Luigi Auriemma (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Raphael Geissert (Jul 02)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: Qt SSL endless loop Josh Bressers (Jul 16)
- Re: Qt SSL endless loop Vincent Danen (Jul 16)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 19)
- Re: Qt SSL endless loop Vincent Danen (Jul 19)
- Re: Qt SSL endless loop Steven M. Christey (Aug 20)
- Re: Qt SSL endless loop Vincent Danen (Aug 20)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)