Bug 1127269

Summary: [CVE-2014-5116] rebuild virt-viewer using new cairo
Product: Red Hat Enterprise Virtualization Manager Reporter: Alon Bar-Lev <alonbl>
Component: mingw-virt-viewerAssignee: Default Assignee for SPICE Bugs <rh-spice-bugs>
Status: CLOSED NOTABUG QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: acathrow, alonbl, cfergeau, ecohen, gklein, iheim, marcandre.lureau, mkrcmari, yeylon
Target Milestone: ---   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-20 18:25:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1124500    

Description Alon Bar-Lev 2014-08-06 13:52:34 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Marc-Andre Lureau 2014-08-06 17:27:21 UTC 
From parent bugs, I fail to see what is the actual issue, what is the fix and how virt-viewer would be impacted. imho, we can close until we have an answer to those questions.
Comment 2 Alon Bar-Lev 2014-08-06 17:33:50 UTC 
(In reply to Marc-Andre Lureau from comment #1)
> From parent bugs, I fail to see what is the actual issue, what is the fix
> and how virt-viewer would be impacted. imho, we can close until we have an
> answer to those questions.

I am waiting as well for the pvr of cairo that should be used.

As far as I understand, as we re-distribute gtk and cairo we should fix our re-distribution, this should be trivial revbump and rebuild.
Comment 3 Marc-Andre Lureau 2014-08-06 17:42:16 UTC 
(In reply to Alon Bar-Lev from comment #2)
> (In reply to Marc-Andre Lureau from comment #1)
> > From parent bugs, I fail to see what is the actual issue, what is the fix
> > and how virt-viewer would be impacted. imho, we can close until we have an
> > answer to those questions.
> 
> I am waiting as well for the pvr of cairo that should be used.

I can't find any upstream gtk or cairo bug and fix.
 
> As far as I understand, as we re-distribute gtk and cairo we should fix our
> re-distribution, this should be trivial revbump and rebuild.

cherry-picking the fix would be fine too
Comment 4 Marc-Andre Lureau 2014-08-20 17:07:40 UTC 
Any update on what is the actual bug/fix?
Comment 5 Alon Bar-Lev 2014-08-20 18:25:32 UTC 
Update:

Statement:

We do not consider a user-assisted crash of a client application such as Wireshark to be a security issue. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1124500#c5