Source: spice-gtk
Version: 0.34-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for spice-gtk.

CVE-2018-10893[0]:
|Insufficient encoding checks for LZ can cause different integer/buffer
|overflows

See [1] for some details, afaics the proposed patches are not yet
merged upstream in the development sources.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10893
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10893
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1598234

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to