Bug 1127269 - [CVE-2014-5116] rebuild virt-viewer using new cairo
Summary: [CVE-2014-5116] rebuild virt-viewer using new cairo
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: mingw-virt-viewer
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.6.0
Assignee: Default Assignee for SPICE Bugs
QA Contact: Desktop QE
URL:
Whiteboard: integration
Depends On:
Blocks: CVE-2014-5116
TreeView+ depends on / blocked
 
Reported: 2014-08-06 13:52 UTC by Alon Bar-Lev
Modified: 2016-01-04 05:38 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-20 18:25:32 UTC
oVirt Team: ---


Attachments (Terms of Use)

Description Alon Bar-Lev 2014-08-06 13:52:34 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Marc-Andre Lureau 2014-08-06 17:27:21 UTC
From parent bugs, I fail to see what is the actual issue, what is the fix and how virt-viewer would be impacted. imho, we can close until we have an answer to those questions.

Comment 2 Alon Bar-Lev 2014-08-06 17:33:50 UTC
(In reply to Marc-Andre Lureau from comment #1)
> From parent bugs, I fail to see what is the actual issue, what is the fix
> and how virt-viewer would be impacted. imho, we can close until we have an
> answer to those questions.

I am waiting as well for the pvr of cairo that should be used.

As far as I understand, as we re-distribute gtk and cairo we should fix our re-distribution, this should be trivial revbump and rebuild.

Comment 3 Marc-Andre Lureau 2014-08-06 17:42:16 UTC
(In reply to Alon Bar-Lev from comment #2)
> (In reply to Marc-Andre Lureau from comment #1)
> > From parent bugs, I fail to see what is the actual issue, what is the fix
> > and how virt-viewer would be impacted. imho, we can close until we have an
> > answer to those questions.
> 
> I am waiting as well for the pvr of cairo that should be used.

I can't find any upstream gtk or cairo bug and fix.
 
> As far as I understand, as we re-distribute gtk and cairo we should fix our
> re-distribution, this should be trivial revbump and rebuild.

cherry-picking the fix would be fine too

Comment 4 Marc-Andre Lureau 2014-08-20 17:07:40 UTC
Any update on what is the actual bug/fix?

Comment 5 Alon Bar-Lev 2014-08-20 18:25:32 UTC
Update:

Statement:

We do not consider a user-assisted crash of a client application such as Wireshark to be a security issue. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1124500#c5


Note You need to log in before you can comment on or make changes to this bug.