Bug 663330 (CVE-2018-10873) - <app-emulation/spice-0.14.0-r2: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
Summary: <app-emulation/spice-0.14.0-r2: Missing check in demarshal.py:write_validate_...
Status: RESOLVED FIXED
Alias: CVE-2018-10873
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cleanup cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-10 20:32 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-08-20 00:41 UTC

See Also:
Package list:
app-emulation/spice-0.14.0-r2
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-10 20:32:36 UTC
Incoming details.
Comment 1 Matthias Maier gentoo-dev 2018-08-11 00:28:45 UTC
Received. Preparing package uploads and waiting for embargo date (this Thursday) to push.
Comment 2 Matthias Maier gentoo-dev 2018-08-16 22:23:16 UTC
Ready to push commits. Waiting for signs that the embargo is lifted.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-16 23:53:19 UTC
This is now public, please push!
Comment 4 Larry the Git Cow gentoo-dev 2018-08-17 00:07:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfd415b17224737493b36a801d929b382061d82d

commit dfd415b17224737493b36a801d929b382061d82d
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-08-16 21:59:36 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-08-17 00:07:48 +0000

    app-emulation/spice: patch integer overflow, bug #663330
    
    Bug: https://bugs.gentoo.org/663330
    Package-Manager: Portage-2.3.46, Repoman-2.3.10

 ...0.14.0-fix-flexible-array-buffer-overflow.patch |  12 +++
 app-emulation/spice/spice-0.14.0-r2.ebuild         | 102 +++++++++++++++++++++
 2 files changed, 114 insertions(+)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-17 00:53:44 UTC
@ Arches,

please test and mark stable: =app-emulation/spice-0.14.0-r2
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-18 22:34:57 UTC
x86 stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-18 23:16:38 UTC
amd64 stable

GLSA vote: No.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-19 22:39:59 UTC
Re-opening for cleanup...
Comment 9 Larry the Git Cow gentoo-dev 2018-08-20 00:41:51 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc95981212d79f745d65fc6f0b7211cd84da107b

commit dc95981212d79f745d65fc6f0b7211cd84da107b
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-08-20 00:37:06 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-08-20 00:41:11 +0000

    app-emulation/spice: drop vulnerable
    
    Closing again.
    
    Closes: Bug: https://bugs.gentoo.org/663330
    Package-Manager: Portage-2.3.47, Repoman-2.3.10

 app-emulation/spice/spice-0.14.0-r1.ebuild | 101 -----------------------------
 1 file changed, 101 deletions(-)