Your submission was sent successfully! Close

CVE-2012-5624

Published: 5 December 2012

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

Priority

Low

Status

Package Release Status
qt4-x11
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(code not present)
oneiric
Released (4:4.7.4-0ubuntu8.3)
precise
Released (4:4.8.1-0ubuntu4.4)
quantal
Released (4:4.8.3+dfsg-0ubuntu3.1)
upstream
Released (4.8.4)
Patches:
upstream: http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71