| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | spice: security bump to version 0.14.1 | Peter Korsgaard | 2018-10-20 | 1 | -33/+0 |
| | | | | | | | | | | | | | | | | | | | | Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Drop patches as they are now upstream. Add host-pkgconf as the configure script uses pkg-config. Drop removed --disable-automated-tests configure flag. Add optional opus support, as that is now supported and needs to be explicitly disabled to not use. Explicitly disable optional gstreamer support for now as the dependency tree is fairly complicated. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> | ||||
| * | spice: add post-0.12.8 upstream security fixes | Peter Korsgaard | 2017-06-22 | 1 | -0/+33 |
| Fixes the following security issues: CVE-2016-9577 Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf function. An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary code. CVE-2016-9578 Frediano Ziglio of Red Hat discovered that spice does not properly validate incoming messages. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> | |||||
 |
index : buildroot | |
| OpenPOWER buildroot sources | Raptor Computing Systems |
| summaryrefslogtreecommitdiffstats |
|