Back to bug 1313496
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-03-01 17:26:03 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-01 17:26:03 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-03-01 17:27:09 UTC | Blocks | 1313499 | |
| Stefan Cornelius | 2016-03-10 10:44:53 UTC | Whiteboard | impact=moderate,public=no,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=new,rhel-7/spice=new,fedora-all/spice=affected | impact=moderate,public=no,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected |
| Stefan Cornelius | 2016-03-10 10:46:07 UTC | Whiteboard | impact=moderate,public=no,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected | impact=important,public=no,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected |
| Stefan Cornelius | 2016-03-10 10:46:11 UTC | Severity | medium | high |
| Stefan Cornelius | 2016-03-10 10:46:14 UTC | Priority | medium | high |
| Stefan Cornelius | 2016-03-10 11:08:38 UTC | Depends On | 1316491 | |
| Stefan Cornelius | 2016-03-10 11:08:45 UTC | Depends On | 1316492 | |
| Stefan Cornelius | 2016-03-10 11:08:53 UTC | Depends On | 1316493 | |
| Stefan Cornelius | 2016-03-10 11:09:01 UTC | Depends On | 1316495 | |
| Stefan Cornelius | 2016-03-10 12:11:29 UTC | Alias | CVE-2016-2150 | |
| Stefan Cornelius | 2016-03-10 12:11:32 UTC | Summary | EMBARGOED spice: Host memory access from guest with invalid primary surface parameters | EMBARGOED CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters |
| Christophe Fergeau | 2016-04-19 14:48:33 UTC | CC | uril | |
| Stefan Cornelius | 2016-05-31 11:42:23 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. | |
| Stefan Cornelius | 2016-05-31 11:43:09 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. | A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write certain memory locations on the host. |
| Martin Prpič | 2016-06-01 08:34:44 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write certain memory locations on the host. | A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. |
| Christophe Fergeau | 2016-06-03 11:51:57 UTC | CC | fziglio | |
| Stefan Cornelius | 2016-06-06 15:13:51 UTC | Whiteboard | impact=important,public=no,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected | impact=important,public=20160606,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected |
| Stefan Cornelius | 2016-06-06 15:14:13 UTC | Summary | EMBARGOED CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters | CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters |
| Stefan Cornelius | 2016-06-06 15:14:18 UTC | Group | security, qe_staff | |
| Stefan Cornelius | 2016-06-06 15:16:34 UTC | Depends On | 1343135 | |
| Huzaifa S. Sidhpurwala | 2016-12-09 06:24:32 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-09 01:24:32 UTC | |||
| Frediano Ziglio | 2017-03-21 10:43:15 UTC | CC | fziglio | |
| Product Security DevOps Team | 2019-09-29 13:45:06 UTC | Whiteboard | impact=important,public=20160606,reported=20160229,source=redhat,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:N/A:P,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected |
Back to bug 1313496