CVE-2010-2621 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2621) The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVE-2010-2621 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2621): The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Looks like $URL is the commit to fix this issue.
Since this issue is fixed in Qt >=4.7, we will simply remove the vulnerable version. @security: is a GLSA still needed then?
(In reply to comment #3)
> Since this issue is fixed in Qt >=4.7, we will simply remove the vulnerable
> version. @security: is a GLSA still needed then?

Yeah, we may need a GLSA since the vulnerable package was stable. The GLSA yes/no decision in this case is made by the team since this only rates B3. Is there a fixed option for sparc?
See bug 335730#c3
Last remaining affected version now masked pending removal.
Thank you all. Affected version removed from tree. Removing qt from CC, nothing to do here for us anymore.
I think we're past this now. GLSA Vote: no.
GLSA vote: yes.
Too old, do not want. It also sounds a lot like an application crash only. Vote: NO. Closing noglsa.