[Git][security-tracker-team/security-tracker][master] Update information for CVE-2017-12194
Salvatore Bonaccorso
carnil at debian.org
Sat May 12 21:14:07 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88e277e4 by Salvatore Bonaccorso at 2018-05-12T22:14:00+02:00
Update information for CVE-2017-12194
Only spice-gtk is affected due to spice protocol details. A client
cannot trigger thus the issue in a spice server. Viceversa though as
demostrated the issues can be caused to a client.
Details: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
The test program (test-overflow.c) can be used to demostrate the
problem.
Remove unnecessary tracking of src:spice thus, if someone disagrees with
the assessment, we can add it back.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -45037,9 +45037,7 @@ CVE-2017-12195
NOT-FOR-US: OpenShift
CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages ...)
- spice-gtk <unfixed>
- - spice <unfixed>
NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
- TODO: check for details
CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...)
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e277e4993d3db616ae13dbf0ddbd604d34e15a
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e277e4993d3db616ae13dbf0ddbd604d34e15a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180512/491cef6e/attachment.html>
More information about the debian-security-tracker-commits
mailing list