[ubuntu/groovy-proposed] spice 0.14.3-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Oct 6 16:25:47 UTC 2020
spice (0.14.3-1ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
subprojects/spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
Date: Thu, 01 Oct 2020 07:00:18 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/spice/0.14.3-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Oct 2020 07:00:18 -0400
Source: spice
Architecture: source
Version: 0.14.3-1ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
spice (0.14.3-1ubuntu2) groovy; urgency=medium
.
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
subprojects/spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
Checksums-Sha1:
ece1f5f7ef533100b209bbbcdd61fc36f1b3b205 2771 spice_0.14.3-1ubuntu2.dsc
928aee75547999a615b8e1ee3fe3d90f0daa0837 18828 spice_0.14.3-1ubuntu2.debian.tar.xz
a324783426fc532109ddb78b616fe71d3395343c 15940 spice_0.14.3-1ubuntu2_source.buildinfo
Checksums-Sha256:
8e3033cac9f959f8c9d7e7e5c50e7515a5b1e72a79d96dc09f7d1d21f9a086bc 2771 spice_0.14.3-1ubuntu2.dsc
c0c8698a803db6c61418a03670768d039dada79c43fb16506284b4a50aebfadb 18828 spice_0.14.3-1ubuntu2.debian.tar.xz
aa00435aa8a11c150ed332f0f3e95af93416f99a3a8d0ecc3f91bacd8fd5f9f3 15940 spice_0.14.3-1ubuntu2_source.buildinfo
Files:
6dff63698d5eceeedd360d4d40cfa696 2771 misc optional spice_0.14.3-1ubuntu2.dsc
bb7d06d089fe0dc0188e57f74becd908 18828 misc optional spice_0.14.3-1ubuntu2.debian.tar.xz
4b4c0abd2637a2dda99b5471f7bcb1b6 15940 misc optional spice_0.14.3-1ubuntu2_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
More information about the Groovy-changes
mailing list