https://bugzilla.suse.com/show_bug.cgi?id=1224782 Bug ID: 1224782 Summary: CVE-2024-36048 qtnetworkauth: data race and poor seeding in generateRandomString() Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: christophe@krop.fr QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- (Adding the bug report since I'm preparing the qt6-networkauth fixes) QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. https://www.cve.org/CVERecord?id=CVE-2024-36048 https://nvd.nist.gov/vuln/detail/CVE-2024-36048 Affected: qt6-networkauth packages in: openSUSE:Factory (6.7.1 packaging in progress) openSUSE:Backports:SLE15-SP5 openSUSE:Backports:SLE15-SP6 libqt5-qtnetworkauth: openSUSE:Factory openSUSE:Backports:SLE15-SP5 openSUSE:Backports:SLE15-SP6 -- You are receiving this mail because: You are on the CC list for the bug.