CVE-2019-3813 (https://nvd.nist.gov/vuln/detail/CVE-2019-3813): Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad28dfa767dead9be522f8bd8801ba76eb33a324 commit ad28dfa767dead9be522f8bd8801ba76eb33a324 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2020-04-18 18:35:25 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2020-04-18 18:56:14 +0000 app-emulation/spice: drop vulnerable versions, bug #717776 Bug: https://bugs.gentoo.org/717776 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/spice/Manifest | 2 - ...0.14.0-fix-flexible-array-buffer-overflow.patch | 12 --- .../spice/files/spice-0.14.0-libressl_fix.patch | 13 --- .../spice/files/spice-0.14.0-openssl1.1_fix.patch | 26 ------ app-emulation/spice/spice-0.14.0-r2.ebuild | 102 --------------------- app-emulation/spice/spice-0.14.2.ebuild | 100 -------------------- 6 files changed, 255 deletions(-)
This issue was resolved and addressed in GLSA 202007-30 at https://security.gentoo.org/glsa/202007-30 by GLSA coordinator Sam James (sam_c).