A flaw was found in the way spice-client processed certain messages sent
from the server. An attacker, having control of a malicious spice-server,
could use this flaw to crash the client or execute arbitrary code with
the permissions of the user running the client. spice-gtk versions through 0.34
are believed to be vulnerable.
@Maintainers 0.34-r1 is in tree. Please call for stabilization when ready.
Arches, please stabilize net-misc/spice-gtk-0.34-r2.
An automated check of this bug failed - the following atom is unknown:
Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
This bug's workflow looks stuck. Stabilization is complete; I'm cleaning up.
The bug has been referenced in the following commit(s):
Author: Virgil Dupras <email@example.com>
AuthorDate: 2018-08-07 00:06:32 +0000
Commit: Virgil Dupras <firstname.lastname@example.org>
CommitDate: 2018-08-07 00:07:18 +0000
net-misc/spice-gtk: remove vulnerable version
Package-Manager: Portage-2.3.44, Repoman-2.3.10
net-misc/spice-gtk/Manifest | 1 -
.../files/spice-gtk-0.33-sys-sysmacros.h.patch | 44 ------
net-misc/spice-gtk/spice-gtk-0.33-r2.ebuild | 152 ---------------------
3 files changed, 197 deletions(-)
This issue was resolved and addressed in
GLSA 201811-20 at https://security.gentoo.org/glsa/201811-20
by GLSA coordinator Aaron Bauman (b-man).