CVE-2012-6093

Name: CVE-2012-6093
Description: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qt4-x11 (PTS) | stretch | 4:4.8.7+dfsg-11 | fixed |
| | stretch (security) | 4:4.8.7+dfsg-11+deb9u1 | fixed |
| | buster | 4:4.8.7+dfsg-18+deb10u1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt4-x11 | source | (unstable) | (not affected) | | | |

Notes

- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
https://codereview.qt-project.org/#change,42461
Fixed in 4:4.8.2+dfsg-10
