[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security update needed for spice

From: Mark H Weaver
Subject: Security update needed for spice
Date: Mon, 22 Aug 2016 00:09:18 -0400

Hi David,

There are two high-severity security flaws in spice that are apparently
fixed in spice-0.12.8:  CVE-2016-0749 and CVE-2016-2150

While investigating, I noticed that we're using a "development release"
of spice (0.13.x) instead of a "stable release" (0.12.x):

We should probably be using the stable release.  What do you think?

Anyway, would you be willing to handle this security update, by
switching Guix to a version of spice that's not vulnerable?
The summary line could end with "[fixes CVE-2016-{0749,2150}]."

Thanks for your contributions.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]