Debian Bug report logs -
#904161
spice-gtk: CVE-2018-10893: Insufficient encoding checks for LZ can cause different integer/buffer overflows
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Liang Guo <guoliang@debian.org>:
Bug#904161; Package src:spice-gtk.
(Fri, 20 Jul 2018 22:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Liang Guo <guoliang@debian.org>.
(Fri, 20 Jul 2018 22:18:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: spice-gtk
Version: 0.34-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for spice-gtk.
CVE-2018-10893[0]:
|Insufficient encoding checks for LZ can cause different integer/buffer
|overflows
See [1] for some details, afaics the proposed patches are not yet
merged upstream in the development sources.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10893
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1598234
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Liang Guo <guoliang@debian.org>:
Bug#904161; Package src:spice-gtk.
(Fri, 20 Jul 2018 22:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Liang Guo <guoliang@debian.org>.
(Fri, 20 Jul 2018 22:27:05 GMT) (full text, mbox, link).
Message #10 received at 904161@bugs.debian.org (full text, mbox, reply):
On Sat, Jul 21, 2018 at 12:15:39AM +0200, Salvatore Bonaccorso wrote:
> See [1] for some details, afaics the proposed patches are not yet
> merged upstream in the development sources.
and ongoing review via
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
.
Regaards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:07:42 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon