CVE-2007-5965

Publication date 8 January 2008

Last updated 24 July 2024

QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qt4-x11	7.10 gutsy	Fixed 4.3.2-0ubuntu3.2
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-579-1
Qt vulnerability
20 February 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2007-5965