buildroot/package/spice/spice.hash at 0d643fd3e8d2e3deb5de936f176286ca2c4f0b62 - deepcrayon/buildroot - SpaceCruft!

deepcrayon/buildroot

Peter Korsgaard 75057fe767 spice: security bump to version 0.12.8

Fixes the following security issues:

CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.

CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.

The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2017-06-22 23:25:30 +02:00

3 lines

114 B

Plaintext

Raw Blame History

	`# Locally calculated`
	`sha256 f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d spice-0.12.8.tar.bz2`