Date: Tue, 2 Oct 2012 19:37:54 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: coley@...us.mitre.org Cc: oss-security@...ts.openwall.com, security@...ntu.com Subject: CVE Request: QT CRIME vulnerability Hello Steve, all, Qt has prepared a fix to the "CRIME" SSL/TLS attack by disabling compression but I cannot find a CVE. Some details can be found here http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729 : > ... > The git changes are as follows: > 5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74 > 4.8: d41dc3e101a694dec98d7bbb582d428d209e5401 > 4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0 > > For older 4.x releases, the 4.7 patch is expected to work. > ... Some web links to the commits in question: http://qt.gitorious.org/qt/qt/commit/3488f1db96dbf70bb0486d3013d86252ebf433e0 http://qt.gitorious.org/qt/qt/commit/d41dc3e101a694dec98d7bbb582d428d209e5401 http://qt.gitorious.org/qt/qtbase/commit/5ea896fbc63593f424a7dfbb11387599c0025c74 Please allocate a CVE for these fixes. Thank you Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.