QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.
Software | From | Fixed in |
---|---|---|
trolltech / qsslsocket | 4.3.0 | 4.3.0.x |
trolltech / qsslsocket | 4.3.1 | 4.3.1.x |
trolltech / qsslsocket | 4.3.2 | 4.3.2.x |