blacklist fake Comodo SSL certificates

Bug #742377 reported by Jonathan Riddell on 2011-03-25
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
qt4-x11 (Ubuntu) | | Undecided | Unassigned |
Hardy | | Undecided | Micah Gersten |
Karmic | | Undecided | Micah Gersten |
Lucid | | Undecided | Micah Gersten |
Maverick | | Undecided | Micah Gersten |
Natty | | Undecided | Unassigned |

Bug Description

An SSL certificate authority produced some fake certificates. These need to be blacklisted by Qt.

Jonathan Riddell (jr) wrote :

This fix affects Qt and KDE applications

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.7.2-0ubuntu5

---------------
qt4-x11 (4:4.7.2-0ubuntu5) natty; urgency=low

  * libqtgui4 recommends appmenu-qt, LP: #733309
  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging, lists
      and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Wed, 23 Mar 2011 17:31:55 +0000

Changed in qt4-x11 (Ubuntu):
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

Accepted qt4-x11 4.4.0-1ubuntu5~hardy2 into hardy-backports.

Jonathan Riddell (jr) wrote :

Updated patch from upstream, new debdiffs coming..

Changed in qt4-x11 (Ubuntu Natty):
status: Fix Released → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.7.2-0ubuntu6

---------------
qt4-x11 (4:4.7.2-0ubuntu6) natty; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  * Update kubuntu_30_blacklist_ssl_certificates.diff from upstream staging
    - in qsslsocket_openssl.cpp block bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/b87528a71b66e786c11804d7b79e408aae612748
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Fri, 25 Mar 2011 17:31:29 +0000

Changed in qt4-x11 (Ubuntu Natty):
status: Triaged → Fix Released
Micah Gersten (micahg) on 2011-03-28
Changed in qt4-x11 (Ubuntu Maverick):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Changed in qt4-x11 (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in qt4-x11 (Ubuntu Karmic):
assignee: nobody → Micah Gersten (micahg)
Changed in qt4-x11 (Ubuntu Hardy):
assignee: nobody → Micah Gersten (micahg)
Changed in qt4-x11 (Ubuntu Lucid):
status: New → In Progress
Changed in qt4-x11 (Ubuntu Karmic):
status: New → In Progress
Changed in qt4-x11 (Ubuntu Hardy):
status: New → In Progress
Micah Gersten (micahg) wrote :

All debdiffs ACKd except hardy-backports and packages uploaded to ubuntu-security-proposed PPA. Will review hardy-backports next.

Changed in qt4-x11 (Ubuntu Hardy):
status: In Progress → Fix Committed
Changed in qt4-x11 (Ubuntu Karmic):
status: In Progress → Fix Committed
Changed in qt4-x11 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in qt4-x11 (Ubuntu Lucid):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4.3.4-0ubuntu3.2

---------------
qt4-x11 (4.3.4-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
      lists and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Tue, 29 Mar 2011 14:18:08 -0500

Changed in qt4-x11 (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.6.2-0ubuntu5.2

---------------
qt4-x11 (4:4.6.2-0ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
      lists and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Sun, 27 Mar 2011 23:55:30 -0500

Changed in qt4-x11 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.7.0-0ubuntu4.3

---------------
qt4-x11 (4:4.7.0-0ubuntu4.3) maverick-security; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
      lists and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Mon, 28 Mar 2011 00:44:59 -0500

Changed in qt4-x11 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4.5.3really4.5.2-0ubuntu1.1

---------------
qt4-x11 (4.5.3really4.5.2-0ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
      lists and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
 -- Jonathan Riddell <email address hidden> Sun, 27 Mar 2011 23:43:32 -0500

Changed in qt4-x11 (Ubuntu Karmic):
status: Fix Committed → Fix Released
matthew72 (matthew72) wrote :

Why did 100MB of documentation also get updated in the process?
