ELA-1584-1 qtbase-opensource-src security update

race condition

2025-11-29
Package: qtbase-opensource-src
Version: 5.11.3+dfsg1-1+deb10u8 (buster)
Related CVEs: CVE-2024-39936


A race condition was discovered in Qt, a cross-platform C++ application framework. Code to make security-relevant decisions about an established HTTP2 connection may execute too early, because the encrypted() signal has not yet been emitted and processed.



For Debian 10 buster, this problem has been fixed in version 5.11.3+dfsg1-1+deb10u8.

We recommend that you upgrade your qtbase-opensource-src packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.