From https://www.openwall.com/lists/oss-security/2020/10/06/10 : Hello, Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario. CVE-2020-14355 has been assigned for this flaw by Red Hat Inc. Upstream commits: * https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba * https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478 * https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7 * https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6 Credit: Frediano Ziglio (Red Hat) @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6418bd9306729c2497c17fe302f58965800897c commit d6418bd9306729c2497c17fe302f58965800897c Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2021-04-04 18:48:42 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2021-04-04 18:54:34 +0000 app-emulation/spice: apply security patches for CVE-2020-14355 Bug: https://bugs.gentoo.org/746920 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Matthias Maier <tamiko@gentoo.org> .../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 +++++++ .../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 +++ .../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ++++ .../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ++++ app-emulation/spice/spice-0.14.3-r1.ebuild | 103 +++++++++++++++++++++ 5 files changed, 182 insertions(+)
Arches please stabilize.
x86 done
arm64 done
amd64 done
ppc64 done all arches done
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b863ba70dae5f9892133f5242f167539e42fb8f0 commit b863ba70dae5f9892133f5242f167539e42fb8f0 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-07-24 17:24:45 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-07-24 18:59:14 +0000 app-emulation/spice: drop 0.14.3 Bug: https://bugs.gentoo.org/746920 Signed-off-by: John Helmert III <ajak@gentoo.org> app-emulation/spice/spice-0.14.3.ebuild | 95 --------------------------------- 1 file changed, 95 deletions(-)
Package list is empty or all packages have requested keywords.
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88dfcad797c12002c58b9aab13f036a6a0a0f3c7 commit 88dfcad797c12002c58b9aab13f036a6a0a0f3c7 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:16 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:31 +0000 [ GLSA 202208-10 ] Spice Server: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/746920 Bug: https://bugs.gentoo.org/792618 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-10.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
GLSA released, all done!
