PublicDateAtUSN: 2012-12-05
Candidate: CVE-2012-5624
PublicDate: 2013-02-24 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5624
 http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
 https://ubuntu.com/security/notices/USN-1723-1
Description:
 The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to
 the file scheme, which allows man-in-the-middle attackers to force the read
 of arbitrary local files and possibly obtain sensitive information via a
 file: URL to a QML application.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695156
Priority: low
Discovered-by: Richard J. Moore and Peter Hartmann
Assigned-to: mdeslaur
CVSS:

Patches_qt4-x11:
 upstream: http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
upstream_qt4-x11: released (4.8.4)
hardy_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: not-affected (code not present)
oneiric_qt4-x11: released (4:4.7.4-0ubuntu8.3)
precise_qt4-x11: released (4:4.8.1-0ubuntu4.4)
quantal_qt4-x11: released (4:4.8.3+dfsg-0ubuntu3.1)
devel_qt4-x11: not-affected (4:4.8.4+dfsg-0ubuntu2)