Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee041db2 by Salvatore Bonaccorso at 2018-05-16T14:17:15+02:00
Mark CVE-2017-12194 as no-dsa
A malicious spice server can cause problems to a spice-gtk client. Issue
is mninor and can be adressed in a point release. Adding a note
regarding the (de)marshal.py which are present in source but not in a
binary package: AFAICS these are actually used to generate code in
generated_client_(de)marshallers* and to be included in
libspice-common-client.so.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -45380,8 +45380,12 @@ CVE-2017-12195
NOT-FOR-US: OpenShift
CVE-2017-12194 (A flaw was found in the way spice-client processed certain
messages ...)
- spice-gtk <unfixed> (bug #898503)
+ [stretch] - spice-gtk <no-dsa> (Minor issue)
+ [jessie] - spice-gtk <no-dsa> (Minor issue)
[wheezy] - spice-gtk <not-affected> (Vulnerable code is not in any
binary package, only in the source package)
NOTE: Proposed patches in:
https://bugzilla.redhat.com/show_bug.cgi?id=1240165
+ NOTE: Although not present in the binary packages the (de)marshal.py
are used to
+ NOTE: generate repsecitve code which should be in
libspice-common-client.
CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in
lib/assoc_array.c ...)
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee041db2628c4f1f54b6ea6abe2177594fb5ec1a
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee041db2628c4f1f54b6ea6abe2177594fb5ec1a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
