[ubuntu/groovy-proposed] spice 0.14.3-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Oct 6 16:25:47 UTC 2020 

spice (0.14.3-1ubuntu2) groovy; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
    - debian/patches/CVE-2020-14355-1.patch: check we have some data to
      start decoding quic image in subprojects/spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-2.patch: check image size in
      quic_decode_begin in subprojects/spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
      subprojects/spice-common/common/quic_tmpl.c.
    - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
      in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
    - CVE-2020-14355

Date: Thu, 01 Oct 2020 07:00:18 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/spice/0.14.3-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Oct 2020 07:00:18 -0400
Source: spice
Architecture: source
Version: 0.14.3-1ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 spice (0.14.3-1ubuntu2) groovy; urgency=medium
 .
   * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
     - debian/patches/CVE-2020-14355-1.patch: check we have some data to
       start decoding quic image in subprojects/spice-common/common/quic.c.
     - debian/patches/CVE-2020-14355-2.patch: check image size in
       quic_decode_begin in subprojects/spice-common/common/quic.c.
     - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
       subprojects/spice-common/common/quic_tmpl.c.
     - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
       in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
     - CVE-2020-14355
Checksums-Sha1:
 ece1f5f7ef533100b209bbbcdd61fc36f1b3b205 2771 spice_0.14.3-1ubuntu2.dsc
 928aee75547999a615b8e1ee3fe3d90f0daa0837 18828 spice_0.14.3-1ubuntu2.debian.tar.xz
 a324783426fc532109ddb78b616fe71d3395343c 15940 spice_0.14.3-1ubuntu2_source.buildinfo
Checksums-Sha256:
 8e3033cac9f959f8c9d7e7e5c50e7515a5b1e72a79d96dc09f7d1d21f9a086bc 2771 spice_0.14.3-1ubuntu2.dsc
 c0c8698a803db6c61418a03670768d039dada79c43fb16506284b4a50aebfadb 18828 spice_0.14.3-1ubuntu2.debian.tar.xz
 aa00435aa8a11c150ed332f0f3e95af93416f99a3a8d0ecc3f91bacd8fd5f9f3 15940 spice_0.14.3-1ubuntu2_source.buildinfo
Files:
 6dff63698d5eceeedd360d4d40cfa696 2771 misc optional spice_0.14.3-1ubuntu2.dsc
 bb7d06d089fe0dc0188e57f74becd908 18828 misc optional spice_0.14.3-1ubuntu2.debian.tar.xz
 4b4c0abd2637a2dda99b5471f7bcb1b6 15940 misc optional spice_0.14.3-1ubuntu2_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

More information about the Groovy-changes mailing list