An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qt | Qt | * | 5.15.15 (excluding) |
| Qt | Qt | 6.0.0 (including) | 6.2.9 (excluding) |
| Qt | Qt | 6.3.0 (including) | 6.5.2 (excluding) |
| Qt4-x11 | Ubuntu | bionic | * |
| Qt4-x11 | Ubuntu | trusty | * |
| Qt4-x11 | Ubuntu | xenial | * |
| Qt6-base | Ubuntu | bionic | * |
| Qt6-base | Ubuntu | kinetic | * |
| Qt6-base | Ubuntu | lunar | * |
| Qt6-base | Ubuntu | mantic | * |
| Qt6-base | Ubuntu | trusty | * |
| Qt6-base | Ubuntu | xenial | * |
| Qtbase-opensource-src | Ubuntu | bionic | * |
| Qtbase-opensource-src | Ubuntu | kinetic | * |
| Qtbase-opensource-src | Ubuntu | lunar | * |
| Qtbase-opensource-src | Ubuntu | mantic | * |
| Qtbase-opensource-src | Ubuntu | trusty | * |
| Qtbase-opensource-src | Ubuntu | xenial | * |
| Qtbase-opensource-src-gles | Ubuntu | bionic | * |
| Qtbase-opensource-src-gles | Ubuntu | kinetic | * |
| Qtbase-opensource-src-gles | Ubuntu | lunar | * |
| Qtbase-opensource-src-gles | Ubuntu | mantic | * |
| Qtbase-opensource-src-gles | Ubuntu | trusty | * |
| Qtbase-opensource-src-gles | Ubuntu | xenial | * |
| Red Hat Enterprise Linux 8 | RedHat | qt5-qtbase-0:5.15.3-5.el8 | * |
| Red Hat Enterprise Linux 9 | RedHat | qt5-0:5.15.9-1.el9 | * |