Package: libqt4-network
Version: 4:4.6.3-1
Severity: grave
Tags: security

Hi,
The following vulnerability has been reported in libqt4-network. From [1]:
> The part of the network library which handles the SSL connection can be
> tricked into an endless loop that freezes the whole application with
> CPU at 100%.
>
> The problem is located in the QSslSocketBackendPrivate::transmit()
> function in src_network_ssl_qsslsocket_openssl.cpp that never exits
> from the main "while" loop.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.

[1] http://aluigi.altervista.org/adv/qtsslame-adv.txt

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net