[ubuntu/yakkety-proposed] spice 0.12.6-4ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jun 10 15:10:14 UTC 2016 

spice (0.12.6-4ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150

Date: Fri, 10 Jun 2016 10:12:39 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Jun 2016 10:12:39 -0400
Source: spice
Binary: libspice-server1 libspice-server1-dbg libspice-server-dev
Architecture: source
Version: 0.12.6-4ubuntu1
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
 libspice-server1-dbg - Debugging symbols for libspice-server1
Changes:
 spice (0.12.6-4ubuntu1) yakkety; urgency=medium
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     memory allocation flaw in smartcard interaction
     - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
       msg with the expected size in server/smartcard.c.
     - CVE-2016-0749
   * SECURITY UPDATE: host memory access from guest with invalid primary
     surface parameters
     - debian/patches/CVE-2016-2150/*.patch: create a function to validate
       surface parameters in server/red_parse_qxl.*, improve primary surface
       parameter checks in server/red_worker.c.
     - CVE-2016-2150
Checksums-Sha1:
 c8a39f8411ccf07eefd14b4a47457cf224219e99 2394 spice_0.12.6-4ubuntu1.dsc
 b9f2ed642b61889434740081d87263f909ffad3e 12868 spice_0.12.6-4ubuntu1.debian.tar.xz
Checksums-Sha256:
 f6c0352f2126cc13f271bd1b2c1422ed52167c87e5b5ccfe8364a75cf10b4ff2 2394 spice_0.12.6-4ubuntu1.dsc
 5228a4041eee83ff5053f46ccb5c82866e06fc862cfad8578b012a9addba6473 12868 spice_0.12.6-4ubuntu1.debian.tar.xz
Files:
 2fbad0b9254a633713c8f27a506b1112 2394 misc optional spice_0.12.6-4ubuntu1.dsc
 c0121e88c2f4e9f939957088e3e685bc 12868 misc optional spice_0.12.6-4ubuntu1.debian.tar.xz
Original-Maintainer: Liang Guo <guoliang at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXWtcIAAoJEGVp2FWnRL6T1qoP/RFa7VtwvDlCS/4wCKHBWd7x
EdUKB69CpZk+5pLXbZwPRiU8qZoxSCw6adsgd3Xd+vhft1FXxTVlNND4+JN5HLOp
GfhjHW4D28T2NGzeCGH7dsf0x0fN4Zn130yqsEr+hRXlPKbSjbIH8KT8N0SfpcJ6
6oOvvRIvwXYPOo4KlQhwTcduj9ba2HMYzDj5rmMxtclCyOo5V2hCnBMnQQCP18Kb
U7mwTSJkRDUtfdmulVeGlGm3ymabHfgdEHpBh5RQyOJsiBsnLFjA97ouaIXiCJqE
bOPK8aLptd8CXZ0wZgH+mZLdeiiUU6/orej97kgrZzOG5DD1GOtSOKWA2UcIJXa0
0RF5ViRL7u/NsaJh+coh9ULh80Q5DANKxV+Epqa25gn6SzNK6+j1lpJfGn0840yt
p+d0Dlmx5oEZQrn90cQuOHXY2kWj05d0x7hoNcUwhkA2GYO+PqUadtYULCiO4izO
3RSbaP6EYJKI2tz6cUQDYcCX+c/e3OSgSlUOMCvgC+WR0bGxFajaLQyLp2+PiLJM
ERGV2qEu1E3gt54oyfn4508m8lwpL+nc7AiVCJo9p5O9rWghBbhzBDEYDM0lK3HS
/fBFN6jdFI+dqNJmFPCnoEULXUNF9m/USD+iWYz4U/QdcdwwknOfUW4o2HArM7YP
3QN9ay0iLBJ0CKnZK9dE
=YF1Z
-----END PGP SIGNATURE-----

More information about the Yakkety-changes mailing list