Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 31 Aug 2018 23:52:16 +0200
Source: spice-gtk
Binary: spice-client-gtk spice-client-glib-usb-acl-helper libspice-client-glib-2.0-8 gir1.2-spice-client-glib-2.0 libspice-client-glib-2.0-dev libspice-client-gtk-2.0-4 gir1.2-spice-client-gtk-2.0 libspice-client-gtk-2.0-dev libspice-client-gtk-3.0-4 gir1.2-spice-client-gtk-3.0 libspice-client-gtk-3.0-dev python-spice-client-gtk
Architecture: source amd64
Version: 0.25-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 gir1.2-spice-client-glib-2.0 - GObject for communicating with Spice servers (GObject-Introspecti
 gir1.2-spice-client-gtk-2.0 - GTK2 widget for SPICE clients (GObject-Introspection)
 gir1.2-spice-client-gtk-3.0 - GTK3 widget for SPICE clients (GObject-Introspection)
 libspice-client-glib-2.0-8 - GObject for communicating with Spice servers (runtime library)
 libspice-client-glib-2.0-dev - GObject for communicating with Spice servers (development files)
 libspice-client-gtk-2.0-4 - GTK2 widget for SPICE clients (runtime library)
 libspice-client-gtk-2.0-dev - GTK2 widget for SPICE clients (development files)
 libspice-client-gtk-3.0-4 - GTK3 widget for SPICE clients (runtime library)
 libspice-client-gtk-3.0-dev - GTK3 widget for SPICE clients (development files)
 python-spice-client-gtk - GTK2 widget for SPICE clients (Python binding)
 spice-client-glib-usb-acl-helper - Spice client glib usb acl helper
 spice-client-gtk - Simple clients for interacting with SPICE servers
Changes:
 spice-gtk (0.25-1+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-10873:
     A vulnerability was discovered in SPICE before version 0.14.1 where
     the generated code used for demarshalling messages lacked sufficient
     bounds checks. A malicious client or server, after authentication,
     could send specially crafted messages to its peer which would result
     in a crash or, potentially, other impacts.
 .
     Fix: Bail out with an error if the pointer to the start of some
     message data is strictly greater than the pointer to the end of the
     message data.
 .
     See review comments in debian/patches/CVE-2018-10873.patch about
     potential weaknesses of this fix.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----