Qtbase-Opensource-Src security update for Debian

Debian 10703 Published by

Multiple security updates for the qtbase-opensource-src package have been released for Debian GNU/Linux due to vulnerabilities in Qt, a cross-platform C++ application framework. A race condition was discovered in version 5.15.2+dfsg-9+deb11u2 (Debian 11 Bullseye LTS), where code may execute too early on an established HTTP2 connection. The same issue was also found in versions 5.7.1+dfsg-3+deb9u6 (Debian 9 Stretch ELTS) and 5.11.3+dfsg1-1+deb10u8 (Debian 10 Buster ELTS) of the package, which were addressed by earlier security updates. Users are recommended to upgrade their qtbase-opensource-src packages to fix these vulnerabilities.

[DLA 4387-1] qtbase-opensource-src security update
ELA-1585-1 qtbase-opensource-src security update
ELA-1584-1 qtbase-opensource-src security update




[SECURITY] [DLA 4387-1] qtbase-opensource-src security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4387-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
November 29, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : qtbase-opensource-src
Version : 5.15.2+dfsg-9+deb11u2
CVE ID : CVE-2024-39936
Debian Bug : 1076293

A race condition was discovered in Qt, a cross-platform C++
application framework. Code to make security-relevant decisions about
an established HTTP2 connection may execute too early, because the
encrypted() signal has not yet been emitted and processed.

For Debian 11 bullseye, this problem has been fixed in version
5.15.2+dfsg-9+deb11u2.

We recommend that you upgrade your qtbase-opensource-src packages.

For the detailed security status of qtbase-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtbase-opensource-src

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1585-1 qtbase-opensource-src security update


Package : qtbase-opensource-src
Version : 5.7.1+dfsg-3+deb9u6 (stretch)

Related CVEs :
CVE-2015-9541

An exponential XML entity expansion was discovered in Qt, a
cross-platform C++ application framework. A crafted SVG document was
mishandled in QXmlStreamReader and would cause a denial of service, a
related issue to CVE 2003-1564 (“billion laughs attack”).


ELA-1585-1 qtbase-opensource-src security update



ELA-1584-1 qtbase-opensource-src security update


Package : qtbase-opensource-src
Version : 5.11.3+dfsg1-1+deb10u8 (buster)

Related CVEs :
CVE-2024-39936

A race condition was discovered in Qt, a cross-platform C++
application framework. Code to make security-relevant decisions about
an established HTTP2 connection may execute too early, because the
encrypted() signal has not yet been emitted and processed.


ELA-1584-1 qtbase-opensource-src security update


PostgreSQL and Libcoap-Devel updates for SUSE

CachyOS November 2025 released

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...