Summary: | <app-emulation/spice-0.14.2: Out of bounds read (CVE-2019-3813) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-04-17 01:11:48 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad28dfa767dead9be522f8bd8801ba76eb33a324 commit ad28dfa767dead9be522f8bd8801ba76eb33a324 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2020-04-18 18:35:25 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2020-04-18 18:56:14 +0000 app-emulation/spice: drop vulnerable versions, bug #717776 Bug: https://bugs.gentoo.org/717776 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/spice/Manifest | 2 - ...0.14.0-fix-flexible-array-buffer-overflow.patch | 12 --- .../spice/files/spice-0.14.0-libressl_fix.patch | 13 --- .../spice/files/spice-0.14.0-openssl1.1_fix.patch | 26 ------ app-emulation/spice/spice-0.14.0-r2.ebuild | 102 --------------------- app-emulation/spice/spice-0.14.2.ebuild | 100 -------------------- 6 files changed, 255 deletions(-) This issue was resolved and addressed in GLSA 202007-30 at https://security.gentoo.org/glsa/202007-30 by GLSA coordinator Sam James (sam_c). |