• Developers
    • Developers Price. Buy. Download. Try.
    Subnavigation

    What the DigiNotar security breach means for Qt users (continued)

    September 07, 2011 by Peter Hartmann | Comments

    This blog post continues from the previous blog post, What the DigiNotar security breach means for Qt users.

    What needs to be done

    Contrary to an earlier DigiNotar statement, possibly all DigiNotar intermediate certificates are affected by the attack; this means that blacklisting only the DigiNotar root certificate is not enough. Since some of those intermediates are cross-signed, i.e. their trust does not ultimately rely on the DigiNotar root certificate, they need to be blacklisted.
    Below are patches provided that blacklist all DigiNotar intermediates and root certificates.

    For Qt versions 4.7.3 and 4.7.4:

    (or if the patch for blacklisting the fraudulent Comodo certificates has been applied to earlier versions (see the blog post on the Comodo attack):

    blacklist-diginotar-certs.diff

    For Qt versions 4.7.0, 4.7.1 and 4.7.2:

    blacklist-diginotar-and-comodo-certs.diff

    All upcoming Qt versions, including 4.8 and 5, will contain a fix for the problem already (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet).

    Acknowledgements

    Thanks to Rich Moore from KDE for cross-reading this post.
    Blog Topics:

    Comments

    Subscribe to our newsletter

    Subscribe Newsletter

    Try Qt 6.7 Now!

    Download the latest release here: www.qt.io/download.

    Qt 6.7 focuses on the expansion of supported platforms and industry standards. This makes code written with Qt more sustainable and brings more value in Qt as a long-term investment.

    We're Hiring

    Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.

    Read Next

    Apr 18, 2024

    Security advisory: Potential Use-After-Free issue in Qt for WebAssembly’s implementation of QNetworkReply

    A recently reported potential Use-After-Free issue in Qt’s wasm..

    Read Article

    Feb 15, 2024

    Security advisory: Potential Buffer Overflow when reading KTX images

    A recently reported potential buffer overflow issue in Qt’s KTX’s image..

    Read Article

    Dec 20, 2023

    Qt 6.7 Beta 1 Released

    We have released Qt 6.7 Beta 1 today. As usual, Qt 6.7 Beta 1 is available..

    Read Article

    G2 Leader Winter 2024 Logo
    Contact Us

    Qt Group includes The Qt Company Oy and its global subsidiaries and affiliates.