Описание
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qt6-base | fixed | 6.8.2+dfsg-5 | package | |
| qt6-base | no-dsa | bookworm | package | |
| qtbase-opensource-src | fixed | 5.15.13+dfsg-3 | package | |
| qtbase-opensource-src | fixed | 5.15.8+dfsg-11+deb12u3 | bookworm | package |
| qtbase-opensource-src | no-dsa | bullseye | package | |
| qtbase-opensource-src-gles | fixed | 5.15.15+dfsg-1 | experimental | package |
| qtbase-opensource-src-gles | unfixed | package |
Примечания
https://codereview.qt-project.org/c/qt/qtbase/+/571601
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536
https://github.com/qt/qtbase/commit/0fb43e4395da34d561814242a0186999e4956e28 (v6.8.0-beta3)
The -gles package doesn't build the HTTP2 code, only included in the source package
Связанные уязвимости
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
