Bug#587711: libqt4-network: infinite loop in QSslSocketBackendPrivate::transmit()

2010-08-06 Thread Moritz Muehlenhoff
On Thu, Jul 01, 2010 at 10:55:11AM +0300, Fathi Boudra wrote:
> > it isn't coherent.
> 
> sorry, I was thinking of Qt 4.7 ...
> the current released version should be affected.

Could you please report this upstream? It's not clear to me
where to find the Qt bug tracking system on the Nokia website.

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#587711: libqt4-network: infinite loop in QSslSocketBackendPrivate::transmit()

2010-07-01 Thread Fathi Boudra
> it isn't coherent.

sorry, I was thinking of Qt 4.7 ...
the current released version should be affected.


Bug#587711: libqt4-network: infinite loop in QSslSocketBackendPrivate::transmit()

2010-07-01 Thread Fathi Boudra
Hi,

From the advisory:
> Versions: <= 4.6.3

it isn't coherent.

Cheers,

Fathi


Bug#587711: libqt4-network: infinite loop in QSslSocketBackendPrivate::transmit()

2010-06-30 Thread Raphael Geissert
Package: libqt4-network
Version: 4:4.6.3-1
Severity: grave
Tags: security

Hi,

The following vulnerability has been reported in libqt4-network.

From [1]:
> The part of the network library which handles the SSL connection can be
> tricked into an endless loop that freezes the whole application with
> CPU at 100%.
> 
> The problem is located in the QSslSocketBackendPrivate::transmit()
> function in src_network_ssl_qsslsocket_openssl.cpp that never exits
> from the main "while" loop.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.

[1]http://aluigi.altervista.org/adv/qtsslame-adv.txt

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net