CVE-2012-5624

Publication date 5 December 2012

Last updated 24 July 2024

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qt4-x11	12.10 quantal	Fixed 4:4.8.3+dfsg-0ubuntu3.1
	12.04 LTS precise	Fixed 4:4.8.1-0ubuntu4.4
	11.10 oneiric	Fixed 4:4.7.4-0ubuntu8.3
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qt4-x11	Upstream: 96311de

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1723-1
Qt vulnerabilities
14 February 2013

Other references

http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
https://www.cve.org/CVERecord?id=CVE-2012-5624