Debian Package Tracker
Register | Log in
Subscribe

qt6-base

Choose email to subscribe with

general
  • source: qt6-base (main)
  • version: 6.9.2+dfsg-2
  • maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
  • uploaders: Patrick Franz [DMD]
  • arch: all any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 6.4.2+dfsg-10
  • stable: 6.8.2+dfsg-9
  • testing: 6.9.2+dfsg-2
  • unstable: 6.9.2+dfsg-2
versioned links
  • 6.4.2+dfsg-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 6.8.2+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 6.9.2+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libqt6concurrent6
  • libqt6core6t64 (1 bugs: 0, 1, 0, 0)
  • libqt6dbus6
  • libqt6gui6 (4 bugs: 0, 3, 1, 0)
  • libqt6network6
  • libqt6opengl6 (1 bugs: 0, 1, 0, 0)
  • libqt6openglwidgets6
  • libqt6printsupport6
  • libqt6sql6
  • libqt6sql6-ibase
  • libqt6sql6-mysql
  • libqt6sql6-odbc
  • libqt6sql6-psql
  • libqt6sql6-sqlite
  • libqt6test6
  • libqt6widgets6 (3 bugs: 0, 3, 0, 0)
  • libqt6xml6
  • qmake6
  • qmake6-bin
  • qt6-base-dev (2 bugs: 0, 2, 0, 0)
  • qt6-base-dev-tools (1 bugs: 0, 1, 0, 0)
  • qt6-base-doc
  • qt6-base-doc-dev
  • qt6-base-doc-html
  • qt6-base-examples
  • qt6-base-private-dev
  • qt6-gtk-platformtheme (1 bugs: 0, 1, 0, 0)
  • qt6-qpa-plugins
  • qt6-xdgdesktopportal-platformtheme
action needed
A new upstream version is available: 6.9.3 high
A new upstream version 6.9.3 is available, you should consider packaging it.
Created: 2025-10-04 Last update: 2025-10-04 12:31
lintian reports 13 errors and 82 warnings high
Lintian reports 13 errors and 82 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2025-09-23 Last update: 2025-09-23 18:02
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2025-02-12 Last update: 2025-10-04 17:31
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2025-02-10 Last update: 2025-10-04 13:02
4 open merge requests in Salsa normal
There are 4 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-09-22 Last update: 2025-09-22 22:03
9 low-priority security issues in bookworm low

There are 9 open security issues in bookworm.

8 issues left for the package maintainer to handle:
  • CVE-2025-5455: (needs triaging) An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
  • CVE-2025-5992: (needs triaging) When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
  • CVE-2023-34410: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
  • CVE-2023-37369: (needs triaging) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
  • CVE-2023-51714: (needs triaging) An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
  • CVE-2024-25580: (needs triaging) An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
  • CVE-2024-39936: (needs triaging) An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
  • CVE-2025-30348: (needs triaging) encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:
  • CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Created: 2024-06-29 Last update: 2025-09-30 14:00
debian/patches: 5 patches to forward upstream low

Among the 8 debian patches available in version 6.9.2+dfsg-2 of the package, we noticed the following issues:

  • 5 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-09-23 07:02
testing migrations
  • This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2025-10-01] qt6-base 6.9.2+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-09-22] Accepted qt6-base 6.9.2+dfsg-2 (source) into unstable (Patrick Franz)
  • [2025-09-11] qt6-base 6.8.2+dfsg-10.1 MIGRATED to testing (Debian testing watch)
  • [2025-09-05] Accepted qt6-base 6.8.2+dfsg-10.1 (source) into unstable (Matthias Klose)
  • [2025-09-03] Accepted qt6-base 6.9.2+dfsg-1 (source) into experimental (Patrick Franz)
  • [2025-08-29] qt6-base 6.8.2+dfsg-10 MIGRATED to testing (Debian testing watch)
  • [2025-08-24] Accepted qt6-base 6.8.2+dfsg-10 (source) into unstable (Patrick Franz)
  • [2025-08-24] Accepted qt6-base 6.9.1+dfsg-5 (source) into experimental (Patrick Franz)
  • [2025-08-01] Accepted qt6-base 6.9.1+dfsg-4 (source) into experimental (Patrick Franz)
  • [2025-07-24] qt6-base 6.8.2+dfsg-9 MIGRATED to testing (Debian testing watch)
  • [2025-07-19] Accepted qt6-base 6.9.1+dfsg-3 (source) into experimental (Pino Toscano)
  • [2025-07-18] Accepted qt6-base 6.8.2+dfsg-9 (source) into unstable (Patrick Franz)
  • [2025-07-12] Accepted qt6-base 6.9.1+dfsg-2 (source) into experimental (Patrick Franz)
  • [2025-07-12] Accepted qt6-base 6.9.1+dfsg-1 (source) into experimental (Patrick Franz)
  • [2025-07-05] qt6-base 6.8.2+dfsg-8 MIGRATED to testing (Debian testing watch)
  • [2025-06-29] Accepted qt6-base 6.8.2+dfsg-8 (source) into unstable (Patrick Franz)
  • [2025-06-25] qt6-base 6.8.2+dfsg-7 MIGRATED to testing (Debian testing watch)
  • [2025-06-19] Accepted qt6-base 6.8.2+dfsg-7 (source) into unstable (Patrick Franz)
  • [2025-04-27] qt6-base 6.8.2+dfsg-6 MIGRATED to testing (Debian testing watch)
  • [2025-04-16] Accepted qt6-base 6.8.2+dfsg-6 (source) into unstable (Patrick Franz)
  • [2025-03-14] qt6-base 6.8.2+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2025-03-01] Accepted qt6-base 6.8.2+dfsg-5 (source) into unstable (Patrick Franz)
  • [2025-02-15] Accepted qt6-base 6.8.2+dfsg-4 (source) into experimental (Patrick Franz)
  • [2025-02-07] qt6-base 6.7.2+dfsg-6 MIGRATED to testing (Debian testing watch)
  • [2025-02-04] Accepted qt6-base 6.8.2+dfsg-3 (source) into experimental (Pino Toscano)
  • [2025-02-03] Accepted qt6-base 6.8.2+dfsg-2 (source) into experimental (Pino Toscano)
  • [2025-02-02] Accepted qt6-base 6.8.2+dfsg-1 (source) into experimental (Patrick Franz)
  • [2025-02-02] Accepted qt6-base 6.7.2+dfsg-6 (source) into unstable (Sandro Knauß)
  • [2024-12-14] qt6-base 6.7.2+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2024-12-08] Accepted qt6-base 6.7.2+dfsg-5 (source) into unstable (Patrick Franz)
  • 1
  • 2
bugs [bug history graph]
  • all: 18 19
  • RC: 0
  • I&N: 16 17
  • M&W: 2
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (13, 82)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 6.9.2+dfsg-1ubuntu1
  • 7 bugs
  • patches for 6.9.2+dfsg-1ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing