[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other impacts.
(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)
- Revision 4e1c871f on 2018-11-07T13:21:12Z:
main/spice: security upgrade to 0.14.1 (CVE-2018-10873) Fixes #9306