CVE-2012-5624

Name: CVE-2012-5624
Description: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 695156

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qt4-x11 (PTS) | stretch | 4:4.8.7+dfsg-11 | fixed |
| qt4-x11 | stretch (security) | 4:4.8.7+dfsg-11+deb9u1 | fixed |
| qt4-x11 | buster | 4:4.8.7+dfsg-18+deb10u1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt4-x11 | source | squeeze | (not affected) | | | |
| qt4-x11 | source | (unstable) | 4:4.8.2+dfsg-7 | | | 695156 |

Notes

[squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
