-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4387-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 29, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : qtbase-opensource-src Version : 5.15.2+dfsg-9+deb11u2 CVE ID : CVE-2024-39936 Debian Bug : 1076293 A race condition was discovered in Qt, a cross-platform C++ application framework. Code to make security-relevant decisions about an established HTTP2 connection may execute too early, because the encrypted() signal has not yet been emitted and processed. For Debian 11 bullseye, this problem has been fixed in version 5.15.2+dfsg-9+deb11u2. We recommend that you upgrade your qtbase-opensource-src packages. For the detailed security status of qtbase-opensource-src please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qtbase-opensource-src Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmkqzhwACgkQDTl9HeUl XjAhTQ/9E/BhbVUGl5z2ZCL/Jyz7ECgv8bp/J6d4vrVNuI1GY/FQGAqAqbQLmmuY LK0/xot3afvXKfoKh8LdeXDpSW7y1cON5YGfsw+WnEnraTsQI3WfphwN1Dh0iAk0 0BkrcuJVfUd5iuHOMGEYygsfnOM5AXqnyN3PovORWlAKcNkJYGBw/KPB1B3xmnsw xpVbKKYooVFPm4hAUd2pozh4IHhA6FLjLTYbTfZS2+WC6/8rxbwEkBDJQAkkTvTB dajPMXHpphAmOsbxJHkbcW4xmt5zLalHYNqxBXKZcpw4Paqmm2JjnNMwvVKPTxnN +/2jcRYRiMRaGlWUKNWlfnziSMhhWvQVMJ8GYaDtF4c0K4Bv8KC4pfj1IVVDA7qY U3ROSwPbOl6Z19rCbOQaMgk2ShztCPGv2xAAu0HTZyliRKSni1JC9bMy1mhzWgsM RQb/COMsEKH6kxAhfDOrLLyQ0cQWgDbn0DIi7swdxc0YVPQQV32rcOjLbpHumCty 8UlXlH3TgtlfzNbK/byf/U3pgjN9UQq/CmZGu4PtyHKvQSV2kXy2zDG++DLGK9/9 0oK2ZSLd+XNFqRztG46HfcK/Iri9KnE3m0aDL2Y0M0Qfvqbs7yNHJAF8KQJXr6lz xepWOCv/zfkCrWI/ZpYa+vClZ7Z8ABA/chpaMoL7JijRolrwy3A= =G4Qy -----END PGP SIGNATURE-----
