From: Peter Marko <[email protected]> Debian has fixed this CVE with [1]. That patch is taken from [2].
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13 v0.13.1-190-g69628ea1 .../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13 v0.13.2 [1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/ [2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02 Signed-off-by: Peter Marko <[email protected]> --- meta-networking/recipes-support/spice/spice_git.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb index 5e6d8584e3..7900a7dea5 100644 --- a/meta-networking/recipes-support/spice/spice_git.bb +++ b/meta-networking/recipes-support/spice/spice_git.bb @@ -22,6 +22,7 @@ SRC_URI = "gitsm://gitlab.freedesktop.org/spice/spice;branch=master;protocol=htt S = "${WORKDIR}/git" CVE_STATUS[CVE-2016-0749] = "fixed-version: patched since 0.13.2" +CVE_STATUS[CVE-2016-2150] = "fixed-version: patched since 0.13.2" CVE_STATUS[CVE-2018-10893] = "fixed-version: patched already, caused by inaccurate CPE in the NVD database." inherit meson gettext python3native python3-dir pkgconfig -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114560): https://lists.openembedded.org/g/openembedded-devel/message/114560 Mute This Topic: https://lists.openembedded.org/mt/110303080/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
