Extensive documentation at $URL. Four DoS vulnerabilities, one can also result in information disclosure. No release yet, but tarball of patches is also at $URL and it appears to be the commit series on 29 October at the upstream repo: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commits/master
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6317607037454a8d45565920954e1811c1f39f11 commit 6317607037454a8d45565920954e1811c1f39f11 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2021-04-04 18:35:00 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2021-04-04 18:35:24 +0000 app-emulation/spice-vdagent: drop vulnerable Bug: https://bugs.gentoo.org/753956 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/spice-vdagent/Manifest | 1 - .../spice-vdagent/spice-vdagent-0.20.0.ebuild | 62 ---------------------- 2 files changed, 63 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1201373dd0a53e02ba2fa762386adc1c25417ed1 commit 1201373dd0a53e02ba2fa762386adc1c25417ed1 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2021-04-04 18:33:11 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2021-04-04 18:35:21 +0000 app-emulation/spice-vdagent: version bump to 0.21.0 Fixes for CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Bug: https://bugs.gentoo.org/753956 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/spice-vdagent/Manifest | 1 + .../spice-vdagent/spice-vdagent-0.21.0.ebuild | 62 ++++++++++++++++++++++ 2 files changed, 63 insertions(+)
Arches, please stabilize app-emulation/spice-vdagent-0.21.0
amd64 done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac2d1c9307a6b2082cb8de3880084295adfe8364 commit ac2d1c9307a6b2082cb8de3880084295adfe8364 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-04-12 16:03:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-04-12 16:03:19 +0000 app-emulation/spice-vdagent: Revert "Stabilize 0.21.0 amd64, #753956" Apologies - my script chucked this into the 'success' bin after I killed the test for hanging. Investigating. (I am not aware of any actual runtime issues with this package, but we should do this to be safe.) This reverts commit 5c1fa98b7829ef8086092975d491c53c70cc14e7. Bug: https://bugs.gentoo.org/753956 Signed-off-by: Sam James <sam@gentoo.org> app-emulation/spice-vdagent/spice-vdagent-0.21.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Popping out stabilization as it's blocked anyway.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae2e20389d4bae50fcad0996e6dc6ff2496cc95a commit ae2e20389d4bae50fcad0996e6dc6ff2496cc95a Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2023-06-18 02:07:38 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2023-06-18 02:07:53 +0000 app-emulation/spice-vdagent: drop 0.19.0-r1, 0.21.0 Bug: https://bugs.gentoo.org/753956 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/spice-vdagent/Manifest | 2 - .../spice-vdagent/spice-vdagent-0.19.0-r1.ebuild | 63 -------------------- .../spice-vdagent/spice-vdagent-0.21.0.ebuild | 67 ---------------------- 3 files changed, 132 deletions(-)
Denial of service only, no GLSA. All done.