Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 88e277e4 by Salvatore Bonaccorso at 2018-05-12T22:14:00+02:00 Update information for CVE-2017-12194 Only spice-gtk is affected due to spice protocol details. A client cannot trigger thus the issue in a spice server. Viceversa though as demostrated the issues can be caused to a client. Details: https://bugzilla.redhat.com/show_bug.cgi?id=1240165 The test program (test-overflow.c) can be used to demostrate the problem. Remove unnecessary tracking of src:spice thus, if someone disagrees with the assessment, we can add it back. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -45037,9 +45037,7 @@ CVE-2017-12195 NOT-FOR-US: OpenShift CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages ...) - spice-gtk <unfixed> - - spice <unfixed> NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165 - TODO: check for details CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...) - linux 4.13.13-1 [stretch] - linux 4.9.65-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e277e4993d3db616ae13dbf0ddbd604d34e15a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e277e4993d3db616ae13dbf0ddbd604d34e15a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits