spice: fix CVE-2017-7506 - linux/meta-cloud-services.git - Mirror of git.yoctoproject.org/meta-cloud-services.git

diff options

author	Yi Zhao <yi.zhao@windriver.com>	2017-09-22 10:03:05 +0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2017-09-29 14:36:03 -0400
commit	921dca953cea111a3c579e890cf9d95a6276b7d2 (patch)
tree	a3dc13751a89e3910e9d384063236c2d48beec52 /meta-openstack/recipes-devtools/python/python-barbican
parent	87affd0e8d235c1786b1e6230dc796db0a6824ea (diff)
download	meta-cloud-services-921dca953cea111a3c579e890cf9d95a6276b7d2.tar.gz

spice: fix CVE-2017-7506

CVE-2017-7506: spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-7506 Patches from: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f1e7ec03e26ab6b8ca9b7ec060846a5b706a963d https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=ec6229c79abe05d731953df5f7e9a05ec9f6df79 https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=a957a90baf2c62d31f3547e56bba7d0e812d2331 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-barbican')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: