ALT Linux Team

Branch sisyphus_riscv64 update on 2025-02-19

2025-02-19

ALT-BU-2025-3156-1

Branch sisyphus_riscv64 update bulletin.

ALT-PU-2025-3124-1

Package mongoose updated to version 7.16-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42383

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-11-18
Modified: 2025-01-13

CVE-2024-42384

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42386

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42387

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42388

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42389

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42390

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42391

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-11-18
Modified: 2024-11-19

CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-3126-1

Package qt6-svg updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3127-1

Package qt6-connectivity updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3128-1

Package qt6-websockets updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3129-1

Package qt6-quicktimeline updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3130-1

Package qt6-networkauth updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3131-1

Package qt6-speech updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3132-1

Package qt6-tools updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3133-1

Package qt6-sensors updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3134-1

Package qt6-translations updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3135-1

Package qt6-charts updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3136-1

Package qt6-location updated to version 6.8.2-alt2 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3137-1

Package qt6-remoteobjects updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3138-1

Package qt6-serialport updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3139-1

Package qt6-webchannel updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3140-1

Package qt6-serialbus updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3141-1

Package qt6-datavis3d updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3142-1

Package qt6-imageformats updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3143-1

Package qt6-base updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3144-1

Package qt6-wayland updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3145-1

Package qt6-quick3d updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3146-1

Package qt6-declarative updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3147-1

Package qt6-multimedia updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3148-1

Package qt6-5compat updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3149-1

Package qt6-scxml updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3150-1

Package qt6-doc updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3151-1

Package qt6-3d updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3152-1

Package qt6-virtualkeyboard updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3153-1

Package libdb5.3 updated to version 5.3.28-alt6 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2019-04-23
Modified: 2024-11-21

CVE-2019-2708

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
References:

ALT-PU-2025-3154-1

Package qt6-shadertools updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2025-3155-1

Package qt6-positioning updated to version 6.8.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-03-19

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top