Date: Tue, 2 Oct 2012 19:37:54 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: coley@...us.mitre.org
Cc: oss-security@...ts.openwall.com, security@...ntu.com
Subject: CVE Request: QT CRIME vulnerability

Hello Steve, all,

Qt has prepared a fix to the "CRIME" SSL/TLS attack by disabling
compression but I cannot find a CVE.

Some details can be found here
http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729 :
> ...
> The git changes are as follows:
> 5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74
> 4.8: d41dc3e101a694dec98d7bbb582d428d209e5401
> 4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0
> 
> For older 4.x releases, the 4.7 patch is expected to work.
> ...

Some web links to the commits in question:

http://qt.gitorious.org/qt/qt/commit/3488f1db96dbf70bb0486d3013d86252ebf433e0
http://qt.gitorious.org/qt/qt/commit/d41dc3e101a694dec98d7bbb582d428d209e5401
http://qt.gitorious.org/qt/qtbase/commit/5ea896fbc63593f424a7dfbb11387599c0025c74


Please allocate a CVE for these fixes.

Thank you
