Описание
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qtnetworkauth-everywhere-src | fixed | 5.15.13-3 | package | |
| qtnetworkauth-everywhere-src | ignored | bookworm | package | |
| qtnetworkauth-everywhere-src | no-dsa | bullseye | package | |
| qtnetworkauth-everywhere-src | postponed | buster | package | |
| qt6-networkauth | fixed | 6.7.2-2 | package | |
| qt6-networkauth | ignored | bookworm | package |
Примечания
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 (security fix)
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 (followup/finetuning)
Связанные уязвимости
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
