Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 361401

Summary: <dev-qt/qtcore-4.6.3-r1: blacklist fake SSL certificates patch
Product: Gentoo Security Reporter: Tomás Touceda (RETIRED) <chiiph>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description Tomás Touceda (RETIRED) gentoo-dev 2011-03-31 01:19:05 UTC
Qt's upstream has released a patch to solve the problem with the fake SSL certificates.

x11-libs/qt-core-4.6.3-r1 needs a fast stabilization since all applications using SSL from qt stable won't notice this problem.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-04-02 04:07:27 UTC
(In reply to comment #0)
> Qt's upstream has released a patch to solve the problem with the fake SSL
> certificates.
> 

Thank you for the heads up.

Arches, please test and mark stable:
=x11-libs/qt-core-4.6.3-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 2 Christoph Mende (RETIRED) gentoo-dev 2011-04-02 08:43:33 UTC
amd64 stable
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-04-02 20:32:04 UTC
x86 stable
Comment 4 Brent Baude (RETIRED) gentoo-dev 2011-04-04 15:43:52 UTC
ppc done
Comment 5 Jeroen Roovers gentoo-dev 2011-04-04 18:48:12 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2011-04-05 05:25:28 UTC
arm stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2011-04-09 13:53:02 UTC
alpha/ia64/sparc stable
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-04-11 17:06:44 UTC
ppc64 stable, last arch done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-04-11 18:42:02 UTC
Thanks, everyone. GLSA Vote: yes.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:24:17 UTC
Vote: YES. Added to pending GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-11-22 11:10:22 UTC
This issue was resolved and addressed in
 GLSA 201311-14 at http://security.gentoo.org/glsa/glsa-201311-14.xml
by GLSA coordinator Sergey Popov (pinkbyte).