Description: "A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection." https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://gitlab.freedesktop.org/spice/spice/-/issues/49
Package list is empty or all packages have requested keywords.
Merge request with patch: https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150 Was merged as 95a0cfac8a1c8eff50f05e65df945da3bb501fc9: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 Which is in v0.15.0, so please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f669a2f91427e142b943efe92978216dff4c842a commit f669a2f91427e142b943efe92978216dff4c842a Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-09 21:27:51 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-09 21:30:23 +0000 app-emulation/spice: drop 0.14.3-r1 Bug: https://bugs.gentoo.org/792618 Signed-off-by: John Helmert III <ajak@gentoo.org> app-emulation/spice/Manifest | 1 - .../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 ------ .../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 --- .../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ---- .../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ---- app-emulation/spice/spice-0.14.3-r1.ebuild | 106 --------------------- 6 files changed, 186 deletions(-)
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88dfcad797c12002c58b9aab13f036a6a0a0f3c7 commit 88dfcad797c12002c58b9aab13f036a6a0a0f3c7 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:16 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:31 +0000 [ GLSA 202208-10 ] Spice Server: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/746920 Bug: https://bugs.gentoo.org/792618 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-10.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
GLSA released, all done!