CVE-2012-5624
Published: 5 December 2012
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
Priority
Status
Package | Release | Status |
---|---|---|
qt4-x11 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(code not present)
|
|
oneiric |
Released
(4:4.7.4-0ubuntu8.3)
|
|
precise |
Released
(4:4.8.1-0ubuntu4.4)
|
|
quantal |
Released
(4:4.8.3+dfsg-0ubuntu3.1)
|
|
upstream |
Released
(4.8.4)
|
|
Patches: upstream: http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 |