Source: spice-gtk Version: 0.34-1 Severity: important Tags: security upstream
Hi, The following vulnerability was published for spice-gtk. CVE-2018-10893[0]: |Insufficient encoding checks for LZ can cause different integer/buffer |overflows See [1] for some details, afaics the proposed patches are not yet merged upstream in the development sources. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10893 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1598234 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

