Summary: | <app-emulation/spice-0.12.6: insufficient validation of surface_id parameter can cause crash | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dev-zero, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1260822 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 562890 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-09-09 06:57:30 UTC
Fixed in 0.12.6, maintainers please bump commit 4b9af846b69fddc4708c2bd0a49d77a49212e6f3 Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Nov 15 01:30:25 2015 -0600 app-emulation/spice: version bump to 0.12.6 (CVE-2015-5260, CVE-2015-5260) - Bump to latest version that fixes to security issues. - Introduce libressl support Bugs: 545180 Bugs: 560006 Bugs: 562890 Bugs: 565250 Package-Manager: portage-2.2.23 commit 4afce62fa2103017af0f310d6354e0e3d3fd3c7f Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Nov 15 01:26:53 2015 -0600 app-emulation/spice-protocol: version bump to 0.12.10 Package-Manager: portage-2.2.23 Stabilization on related security bug #562890 Added to existing GLSA request. This issue was resolved and addressed in GLSA 201606-05 at https://security.gentoo.org/glsa/201606-05 by GLSA coordinator Kristian Fiskerstrand (K_F). |