Overview

File _patchinfo of Package patchinfo.35115

<patchinfo incident="35115">
  <issue tracker="bnc" id="1223917">VUL-0: CVE-2024-33861: qt6-base: invalid pointer in QStringConverter</issue>
  <issue tracker="bnc" id="1222120">VUL-0: CVE-2023-45935: libqt4,libqt5-qtbase,qt3,qt6-base: NULL pointer dereference via QXcbConnection::initializeAllAtoms()</issue>
  <issue tracker="bnc" id="1227426">VUL-0: CVE-2024-39936: libqt4,libqt5-qtbase,qt3,qt6-base:  delay any HTTP2 communication until encrypted() can be responded to</issue>
  <issue tracker="cve" id="2024-33861"/>
  <issue tracker="cve" id="2023-45935"/>
  <issue tracker="cve" id="2024-39936"/>
  <packager>alarrosa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qt6-base</summary>
  <description>This update for qt6-base fixes the following issues:

- CVE-2024-33861: Fixed an invalid pointer being passed as a callback which coud lead to modification of the stack (bsc#1223917)
- CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places