Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Oct 2012 19:37:54 -0700
From: Seth Arnold <>
Subject: CVE Request: QT CRIME vulnerability

Hello Steve, all,

Qt has prepared a fix to the "CRIME" SSL/TLS attack by disabling
compression but I cannot find a CVE.

Some details can be found here :
> ...
> The git changes are as follows:
> 5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74
> 4.8: d41dc3e101a694dec98d7bbb582d428d209e5401
> 4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0
> For older 4.x releases, the 4.7 patch is expected to work.
> ...

Some web links to the commits in question:

Please allocate a CVE for these fixes.

Thank you

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.