Re: [Development] [Announce] Security advisory: Qt Network

2023-06-10 Thread Kevin Kofler via Development
Kevin Kofler via Development wrote:
> Qt 4.8 (backported by Than Ngo):
> https://src.fedoraproject.org/rpms/qt/raw/rawhide/f/qt-CVE-2023-34410.patch

PS: Qt 4.8 does NOT include the Windows-specific qsslsocket_schannel.cpp, which was introduced in Qt 5.13. (Qt 4.8 supported only OpenSSL.) Hence,

Re: [Development] [Announce] Security advisory: Qt Network

2023-06-10 Thread Kevin Kofler via Development
List for announcements regarding Qt releases and development via Announce via Development wrote:
> Patches:
> dev: https://codereview.qt-project.org/c/qt/qtbase/+/477560 and
> https://codereview.qt-project.org/c/qt/qtbase/+/480002 Qt 6.5:
> https://codereview.qt-project.org/c/qt/qtbase/+/479276

Re: [Development] [Announce] Security advisory: Qt Network

2023-06-09 Thread List for announcements regarding Qt releases and development via Announce via Development
for announcements regarding Qt releases and development via Announce Subject: [Development] [Announce] Security advisory: Qt Network Hi, A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-33410. In some circumstances

[Development] [Announce] Security advisory: Qt Network

2023-06-09 Thread List for announcements regarding Qt releases and development via Announce via Development
Hi, A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-33410. In some circumstances, system CA certificates list remains unexpectedly active for the authentication of SSL peers. In a case where clients are supposed

[Development] [Announce] Security advisory: Qt Network

2023-06-01 Thread List for announcements regarding Qt releases and development via Announce via Development
Hi, A recent buffer overflow issue in Qt Network has been reported and has been assigned the CVE id CVE-2023-33285. QDnsLookup may read outside the bounds of the buffer it allocated to receive the DNS reply with certain, specially crafted replies that violate the DNS protocol. QDnsLookup

[Development] [Announce] Security advisory: Qt Network

2023-05-23 Thread List for announcements regarding Qt releases and development via Announce via Development
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not match directly. Unencrypted connections are susceptible to