[ubuntu/zesty-proposed] spice 0.12.8-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 15 19:30:21 UTC 2017


spice (0.12.8-2ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

Date: Wed, 15 Feb 2017 13:58:19 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/spice/0.12.8-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Feb 2017 13:58:19 -0500
Source: spice
Binary: libspice-server1 libspice-server-dev
Architecture: source
Version: 0.12.8-2ubuntu1
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
Changes:
 spice (0.12.8-2ubuntu1) zesty; urgency=medium
 .
   * SECURITY UPDATE: overflow when reading large messages
     - debian/patches/CVE-2016-9577.patch: check size in
       server/main_channel.c.
     - CVE-2016-9577
   * SECURITY UPDATE: DoS via crafted message
     - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
     - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
     - CVE-2016-9578
Checksums-Sha1:
 566198352d67decd7954a45fb03df12029b9c751 2477 spice_0.12.8-2ubuntu1.dsc
 d79a19ccd7e959ed567bd694a358f0aed6238e11 10904 spice_0.12.8-2ubuntu1.debian.tar.xz
Checksums-Sha256:
 5c6f4a014747a758dccff2048f7c589ca4623bd2f8be9b8b132cf006c38dd70a 2477 spice_0.12.8-2ubuntu1.dsc
 285f3bcbb6259c5a9335ab9dc40cafbfea6af88a35153b9f307157e0f2f5afb8 10904 spice_0.12.8-2ubuntu1.debian.tar.xz
Files:
 5c0924cfbcd0de8cb6f82201917c8dc9 2477 misc optional spice_0.12.8-2ubuntu1.dsc
 6d27e1fa179fdfd27da362d1d9b220b3 10904 misc optional spice_0.12.8-2ubuntu1.debian.tar.xz
Original-Maintainer: Liang Guo <guoliang at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJYpKuXAAoJEGVp2FWnRL6TakUP+gK/4xlzVImY6QS6RROe7ms5
O+zbDBTezAMyf+ndKUNVtDR+EAfFEh8euN7a1fL5hmZr56YUYFUeydF7vLKEyLeD
He3eS5Y1v5o6IQqMpt5W8Xa823x9v8XiBDir9xL601Rp/gW/IGeFVc9VFZohY72f
8xSuV9dkmxo6a+3AlDBZS7ywFkJmVv2J4qF28Ell0vymz0FNOKll+Q2B96B6iDxI
vJDoCnuuKtI77ZcImGbIXDT6MaDxM+4p2Az+1zRZ15xG4lIeRDdLRk7g3IrRf/j2
lmSVx7Ii5MU7AFzh/W2J9iDUkELoxqpNUZqXO6ASXHzt6qZS+F7xcK/rZIvJaew3
Kz4buu68fbDz7QzhQwXjUm32M4zFN7HR56qa2vzEdex1j0PNJ9AawHlxnjR5HcBd
wzm0H6ZbHgwuGixAYX5lUbcFG0MgKi5iAV+T6Peq+WK+3CwMB34KmllQk4dSEjnw
ZZAYTbWjuqp0SmAy0wugTYXF/4lZ8f7QoWQ2ff5NsvGckdnjChTGWh1poLRSL6ov
UmHnnpqRjuuxuJ+z9kFzXnjmUPKc1a4qAXdw1/Js2w9afZSgn8suEKMhBiHzzpIo
r3/XFwbiIX9KEg0Iuaxjg/5AtugQa8WfFi3jCS0TBUuKH8oSB1vq6wzcZPrulCbU
bZSA753TnyaxMiwwfiQa
=Oev3
-----END PGP SIGNATURE-----


More information about the Zesty-changes mailing list