Back to spice-vdagent PTS page

Accepted spice-vdagent 0.17.0-1+deb9u1 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted spice-vdagent 0.17.0-1+deb9u1 (source amd64) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 13 Jan 2021 06:00:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1kzZCX-0002ds-6w@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Jan 2021 21:18:17 +0530
Source: spice-vdagent
Binary: spice-vdagent
Architecture: source amd64
Version: 0.17.0-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Description:
 spice-vdagent - Spice agent for Linux
Closes: 883238 973769
Changes:
 spice-vdagent (0.17.0-1+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Fix security issues;
     - CVE-2017-15108: vdagent_file_xfers_data() does not properly
       escape xfers->save_dir before giving it as argument to system().
       (Closes: #883238)
     - CVE-2020-25650: flaw in spice-vdagentd handling file transfers
       and this can be used to perform memory denial of service for
       spice-vdagent.
     - CVE-2020-25651: flaw in SPICE file transfer protocol allowing
       to snoop on other users file transfer or completely interrupt.
     - CVE-2020-25652: flaw was found in the spice-vdagentd daemon,
       where it did not properly handle client connections that can be
       established via the UNIX domain socket.Any unprivileged local
       guest user could use this flaw to prevent legitimate agents from
       connecting to the spice-vdagentd daemon, resulting in a denial
       of service.
     - CVE-2020-25653: race condition vulnerability was found in the
       way the spice-vdagentd daemon handled new client connections
       This flaw may allow an unprivileged local guest user to become
       the active agent for spice-vdagentd, possibly resulting in a
       denial of service or information leakage from the host.
       (Closes: #973769)
Checksums-Sha1:
 bbeac6fb9cc3b1f207951f95e2426aed32ad5a06 2234 spice-vdagent_0.17.0-1+deb9u1.dsc
 a8edc1ddb8493463e4f3bd3f42a56c4026403ee5 130413 spice-vdagent_0.17.0.orig.tar.bz2
 8f58b69519a48404be4ca37ad546a8b1b146baea 11276 spice-vdagent_0.17.0-1+deb9u1.debian.tar.xz
 a61500faa850c9d57f1c62a0dab8ae047751fa4f 126332 spice-vdagent-dbgsym_0.17.0-1+deb9u1_amd64.deb
 ebb77df50779b96585ddc892f17e4d0365d88572 8697 spice-vdagent_0.17.0-1+deb9u1_amd64.buildinfo
 51880322b6f5bc19a5051804865b0661c168f7f0 49438 spice-vdagent_0.17.0-1+deb9u1_amd64.deb
Checksums-Sha256:
 ac1329453365ae7b5729a0dd61a3d269d4642e2d6da804a0cf947fc5bdabfb31 2234 spice-vdagent_0.17.0-1+deb9u1.dsc
 f14a8bd8cdee10641aabd9ba32461a5844eab0fddb2a10c1d31386e7a9f7b33d 130413 spice-vdagent_0.17.0.orig.tar.bz2
 bbde48fc7a62115464de34483966ffde7a6f45d1389201383196f679d5caba0c 11276 spice-vdagent_0.17.0-1+deb9u1.debian.tar.xz
 af918ebc0b0ff026fee9c84692c3f11b646583fa7df034c93591da7f3070150f 126332 spice-vdagent-dbgsym_0.17.0-1+deb9u1_amd64.deb
 b9a1e32917d93e6a6af45dcac33d5103f44b379d413624ccfd401305aaa94e43 8697 spice-vdagent_0.17.0-1+deb9u1_amd64.buildinfo
 6ce5b294657d105f597c64b13c2cabed41094e1e89de63a3e57f2a74d89ab278 49438 spice-vdagent_0.17.0-1+deb9u1_amd64.deb
Files:
 2540896ca064e254dea27ada01bf3731 2234 x11 optional spice-vdagent_0.17.0-1+deb9u1.dsc
 b184791c49968a54c653de9a630df1dd 130413 x11 optional spice-vdagent_0.17.0.orig.tar.bz2
 58bd43a850cebac53314ec46030ff652 11276 x11 optional spice-vdagent_0.17.0-1+deb9u1.debian.tar.xz
 e17c2b45220ef6f558228c0cdbda481f 126332 debug extra spice-vdagent-dbgsym_0.17.0-1+deb9u1_amd64.deb
 9fa33eb879716b284ffda2221c3986f8 8697 x11 optional spice-vdagent_0.17.0-1+deb9u1_amd64.buildinfo
 e29bab33886b50eab1cb943809a8225d 49438 x11 optional spice-vdagent_0.17.0-1+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl/+iP4UHGFiaGlqaXRo
QGRlYmlhbi5vcmcACgkQhj1N8u2cKO/DLxAAg8Ne1XDZXo5Rr6CXhji+B37c6Tie
cIS7Jh9elpgMJMaq+yB3E6X7XuqHmM+6wtBUbIAQlsmBOrXfnYBdXiWEdPIZCRGY
KhSVz77l6iLF1iWR+GOBMgPF5tMRArEZS0O5wvIhz4dF2VVNOD8BeLbPtUMOvBBt
zrOgwpHzrU2oDWB4K92lLRxCVDp4vPUUYmeoEU6g9D5Ni0m3rzBcHiq6o1FRhrdB
6mzw8NJ+jov48Mg79yWDgJcqzTpey5k9p4qiunzvq0Fh1LtiQxxSaykeDNj/C3rZ
PIywf9PFuFl2Akh50hvMJI0gmr2zxqPlT5RxaHfAH+AeEMuV7cJlCDmJIIN9Fqkc
SyMvjwDpWuphPKL/aAX76HyjHwuoxMB4WhJ+VtLL1chCk6AHNK7Vz4RsySPP+OHZ
EGcau54Kt/RXr5tOaQooDlLvFXWlHQBBUPxVRzcYUuC02ZVRpWyksBK9PNmS9F6M
xTXmYVUmW/guAifyxkbvtlICq5etoTOne2tg5lnc1KP3PKVK1d1/XFgc4fozZX6H
w6ljtSMxSoW/aQ1bxPZNGWspdqV9VwolrdNnT4jcLB+bKiThueV6xgmxRT9KK9Rw
eKBO38ZX8QsluN5WImCLD+drh5meBO2VJy4gZktZNQPKReKwcO6AT23sh5AZsv6v
HSNCcj8fZM5MbTU=
=nH3r
-----END PGP SIGNATURE-----