CVE-2010-5076

Name: CVE-2010-5076
Description: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qt4-x11 (PTS) | stretch | 4:4.8.7+dfsg-11 | fixed |
| qt4-x11 | stretch (security) | 4:4.8.7+dfsg-11+deb9u1 | fixed |
| qt4-x11 | buster | 4:4.8.7+dfsg-18+deb10u1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt4-x11 | source | (unstable) | 4:4.6.3-1 | | | |

Notes

Might be fixed earlier, but Squeeze version has been validated to be fixed
