[Spice-devel] [spice-server 0/3] Fixes for CVE-2017-7506
Christophe Fergeau
cfergeau at redhat.com
Tue Jul 11 08:57:58 UTC 2017
Hey,
These 3 patches are fixing CVE-2017-7506 for which the embargo was lifted
today. One needs to have successfully established a SPICE connection (including
authentication) before this can become an issue.
Thanks to Frediano for noticing this, and working on the patches! I'll push
these shortly as they were reviewed privately already.
Christophe
More information about the Spice-devel
mailing list