buildroot/package/spice
Peter Korsgaard 087e70498a spice: add post-0.12.8 upstream security fixes
Fixes the following security issues:

CVE-2016-9577

    Frediano Ziglio of Red Hat discovered a buffer overflow
    vulnerability in the main_channel_alloc_msg_rcv_buf function. An
    authenticated attacker can take advantage of this flaw to cause a
    denial of service (spice server crash), or possibly, execute
    arbitrary code.

CVE-2016-9578

    Frediano Ziglio of Red Hat discovered that spice does not properly
    validate incoming messages. An attacker able to connect to the
    spice server could send crafted messages which would cause the
    process to crash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:38 +02:00
..
0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch spice: add post-0.12.8 upstream security fixes 2017-06-22 23:25:38 +02:00
0002-Prevent-integer-overflows-in-capability-checks.patch spice: add post-0.12.8 upstream security fixes 2017-06-22 23:25:38 +02:00
0003-main-channel-Prevent-overflow-reading-messages-from-.patch spice: add post-0.12.8 upstream security fixes 2017-06-22 23:25:38 +02:00
Config.in spice: security bump to version 0.12.6 2017-06-22 23:25:24 +02:00
spice.hash spice: security bump to version 0.12.8 2017-06-22 23:25:30 +02:00
spice.mk spice: security bump to version 0.12.8 2017-06-22 23:25:30 +02:00