[opensuse-kde] Fraudulent certificates patch
You probably already saw this, but I thought I would pass it along just in case: http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificate...
A patch has been created for Qt 4.6 and 4.7 that addresses potential threats caused by fraudulent SSL certificates.
Background:
Recently a group of people managed to get fraudulent SSL certificates signed by a Certificate Authority (CA).
These certificates potentially enable their owners to pretend to be other entities on the Web; the attackers can present valid certificates for e.g. mail.google.com, login.yahoo.com and login.live.com, among others.
The patch below solves this problem by blacklisting those fake certificates and aborting an SSL handshake with entities that present these certificates. The patch applies to all 4.6 and 4.7 versions, and should be applied to all Qt 4.6.x and 4.7.x versions; upcoming Qt releases will contain a fix for this problem.
Since it is a serious security vulnerability it is probably a good idea to push it as an openSUSE update.
-Todd
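The blacklist-and-abort check the advisory describes, sketched in Python as an added example; this is not the Qt patch or code from the original message. It assumes the blocklist is keyed by certificate serial number (the advisory text here does not say how the certificates are identified), and every name and sample value in it is hypothetical.

```python
class BlockedCertificate(Exception):
    """Raised to abort the handshake when a blocklisted certificate is seen."""

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def serial_number(der):
    """Extract serialNumber from a DER X.509 certificate (RFC 5280 layout)."""
    tag, start, _ = _read_tlv(der, 0)            # Certificate SEQUENCE
    tag2, start, _ = _read_tlv(der, start)       # tbsCertificate SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate")
    tag, vstart, vend = _read_tlv(der, start)
    if tag == 0xA0:                              # optional [0] version field
        tag, vstart, vend = _read_tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[vstart:vend], "big")

def check_chain(chain_der, blocked_serials):
    """Abort if any certificate in the presented chain is blocklisted."""
    # Serials are unique only per issuer; a production list should also
    # match the issuer or a fingerprint of the whole certificate.
    # Normalise "00:DE:ad" style text so case, colons and leading zeros do not matter.
    blocked = {int(s.replace(":", ""), 16) for s in blocked_serials}
    for der in chain_der:
        sn = serial_number(der)
        if sn in blocked:
            raise BlockedCertificate(f"blocklisted serial {sn:x}")
    return True

# Constructed sample data: DER skeletons holding only version and serial.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def sample_cert(serial):
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial)
    return _der(0x30, _der(0x30, tbs))

BLOCKED = ["00:DE:AD:BE:EF"]                     # constructed, not from the advisory
GOOD, FAKE = sample_cert(b"\x01\x02"), sample_cert(b"\x00\xde\xad\xbe\xef")
```

With a live connection, the leaf certificate bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`, and the socket is closed when `BlockedCertificate` is raised.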