[Bug 1592227] [NEW] Sync spice 0.12.6-4.1 (main) from Debian unstable (main)
Launchpad Bug Tracker
1592227 at bugs.launchpad.net
Tue Jun 14 02:41:01 UTC 2016
You have been subscribed to a public bug by Logan Rosen (logan):
Please sync spice 0.12.6-4.1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150
Done in Debian.
Changelog entries since current yakkety version 0.12.6-4ubuntu1:
spice (0.12.6-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2016-0749: heap-based buffer overflow in smartcard interaction
    (Closes: #826585)
  * CVE-2016-2150: host memory access from guest using crafted primary surface
    parameters (Closes: #826584)

 -- Salvatore Bonaccorso <carnil at debian.org>  Mon, 06 Jun 2016 19:22:10 +0200
** Affects: spice (Ubuntu)
Importance: Wishlist
Status: New
--
Sync spice 0.12.6-4.1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1592227
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.