PublicDateAtUSN: 2012-06-29
Candidate: CVE-2010-5076
PublicDate: 2012-06-29 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5076
 https://rhn.redhat.com/errata/RHSA-2012-0880.html
 https://ubuntu.com/security/notices/USN-1504-1
Description:
 QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the
 subject's Common Name field of an X.509 certificate, which might allow
 man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
 certificate issued by a legitimate Certification Authority.
Ubuntu-Description:
Notes:
 jdstrand> Ubuntu 11.04 and higher not affected
Bugs:
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_qt4-x11:
 vendor: https://rhn.redhat.com/errata/RHSA-2012-0880.html
 other: https://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 (pt1)
 other: https://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e (pt2)
upstream_qt4-x11: released (4:4.7.2)
hardy_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: released (4:4.6.2-0ubuntu5.4)
natty_qt4-x11: not-affected (4:4.7.2-0ubuntu6.3)
oneiric_qt4-x11: not-affected
precise_qt4-x11: not-affected
devel_qt4-x11: not-affected