Back to spice-vdagent PTS page

Accepted spice-vdagent 0.20.0-2 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Dec 2020 21:37:35 +0200
Source: spice-vdagent
Architecture: source
Version: 0.20.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 973769
Changes:
 spice-vdagent (0.20.0-2) unstable; urgency=medium
 .
   * QA upload.
   * Set Maintainer to Debian QA Group. (see #911430)
   * Add changes from Ubuntu:
     * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
       Table
       - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
         transfers in src/vdagentd/vdagentd.c.
       - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
         active_xfers allocations in src/vdagentd/vdagentd.c.
       - CVE-2020-25650
     * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
       active_xfers Hash Map
       - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
         client disconnects in src/vdagentd/vdagentd.c.
       - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
         used file-xfer id in src/vdagentd/vdagentd.c.
       - CVE-2020-25651
     * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
       - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
         connections in src/udscs.c.
       - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
         session to 1 in src/vdagentd/vdagentd.c.
       - CVE-2020-25652
     * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
       is Subject to Race Condition
       - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
         in src/vdagent-connection.c, src/vdagent-connection.h,
         src/vdagentd/vdagentd.c.
       - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
         src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
         src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
         src/vdagentd/vdagentd.c.
       - CVE-2020-25653
     * Additional fixes:
       - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
         src/vdagentd/vdagentd.c.
     (Closes: #973769)
Checksums-Sha1:
 747b9ee64e58d740233d881a364fb3fcca0aaa69 2450 spice-vdagent_0.20.0-2.dsc
 dd906212e4a36bba56ceed956820d2c25a51dc6a 21116 spice-vdagent_0.20.0-2.debian.tar.xz
Checksums-Sha256:
 fc27ab22dc76114b5bba8f63199500054baa6a555bc4fb4da17aabdd12acceca 2450 spice-vdagent_0.20.0-2.dsc
 92233464205236df6fe8f078473fb6ec39526f62cc5aa467ab5d4c02e301e6fe 21116 spice-vdagent_0.20.0-2.debian.tar.xz
Files:
 936eaa0aec5a1e6f428427c476515cef 2450 x11 optional spice-vdagent_0.20.0-2.dsc
 9fc51158d5991bdea3fd13923dbaa691 21116 x11 optional spice-vdagent_0.20.0-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl/JQHAACgkQiNJCh6LY
mLFh5hAAkzH4F6AEiV6Am5FOGOIeqSdU0yVJ6Ey+KEyQdcKOhZxxilFibnWsIIIS
hQxiqB43HMg18XBH1IRgjYF6WYJ4OzkiZN8YUZJd+t1PoeGEabjvD6+HWlixIgu3
7mRWGKmeVb7144xZCnC9Tugb+Nb1wCbX6cHQtsacDql4Wm/oGernZ8y32PpvP+XQ
SbxKfoYFWOcO3KWfeaRYtWLyYe+yiL9XTE9CjhCOsUIRVRvjQoH0sN1gaUQDzse0
wM7K6f8DCA5PErmo8fDQpqK3sp+efH3pXxfus/8M1d7G9XJub4DvEL682kbDef0m
X6sPa8e2pzRuoW6J8Puy0goLxptw08dG3Ic6MRUm9BqfxZS22LZp+WLsi4LoQAB6
Z/9X4K09JHTHhaMQYWjeKMdBTJFzrfG8oxp4hXiX4nFyUSixhXxTRSyJS/YyFPRT
w5bbUmbo61N60ScAazxUvzLGYqm1DfPhVux2VirxiCyUNFxthUKIsdOoGJ5q2IUB
sWHa+IWsnzpu/39/iKMoi8EMuzTBSjUz/wQXVqvZvfsxZbGsXiXnjluHMAi6Ntcj
sEs5Z+mPdfRMig29ApY19xy1otnETM/+dJNP3m2mldSK8hqHwPUJ+QbHN6eO19R6
v1WQRMupgH+Jbb1TSsxmlrbCzLfuoNSMNhCUOXbYs/VMAEr99lY=
=FPrc
-----END PGP SIGNATURE-----