Accepted spice 0.11.0-1+deb7u4 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 17 Feb 2017 00:22:08 +0100
Source: spice
Binary: spice-client libspice-server1 libspice-server-dev
Architecture: source amd64
Version: 0.11.0-1+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libspice-server-dev - Header files and development documentation for spice-server
libspice-server1 - Implements the server side of the SPICE protocol
spice-client - Implements the client side of the SPICE protocol
Closes: 854336
Changes:
spice (0.11.0-1+deb7u4) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Add CVE-2016-9577-and-CVE-2016-9578.patch:
- CVE-2016-9577: A buffer overflow vulnerability in
main_channel_alloc_msg_rcv_buf was found that occurs when reading large
messages due to missing buffer size check.
- CVE-2016-9578: A vulnerability was discovered in the server's
protocol handling. An attacker able to connect to the spice server could
send crafted messages which would cause the process to crash.
(Closes: #854336)
Checksums-Sha1:
adb2c01f4cc827be5456bad0272a951987224554 2441 spice_0.11.0-1+deb7u4.dsc
2c26e66e0e57f0c0037eaae81f04d8d19b044aca 35640 spice_0.11.0-1+deb7u4.debian.tar.gz
55823a7eb6adddd5290a2a8337baf6a08b959c5f 439286 spice-client_0.11.0-1+deb7u4_amd64.deb
903acb2e410cf022e5026e5f5ffc3b8765ae20f7 377032 libspice-server1_0.11.0-1+deb7u4_amd64.deb
bd58c3681d9f427c1af57b8be14dccebd0c6f014 458250 libspice-server-dev_0.11.0-1+deb7u4_amd64.deb
Checksums-Sha256:
45e47313b2d07951197425db10427db102a05ab1af4c13e72aaaec8531dcdcd6 2441 spice_0.11.0-1+deb7u4.dsc
218878e8bc1498cf263ddffac5adb12fe20f9bd3f3ab04f0f330587ffc8eacff 35640 spice_0.11.0-1+deb7u4.debian.tar.gz
c814a125d8bdc94b7bbbe78b8dcfb008ff258107cace6498ac0de037324832d6 439286 spice-client_0.11.0-1+deb7u4_amd64.deb
f2247eb93c3e6d8f3f62df7ca2600266e186bdddac04e3a5d3f8a1732b4f2104 377032 libspice-server1_0.11.0-1+deb7u4_amd64.deb
9e99b2dadb599b6f08e57c2611c4f78bd971420a56e8109b49e595da36b507f3 458250 libspice-server-dev_0.11.0-1+deb7u4_amd64.deb
Files:
6c0f5a620b191c7965385c38953822e7 2441 misc optional spice_0.11.0-1+deb7u4.dsc
69eeecd074349ac184838f984bb4a82f 35640 misc optional spice_0.11.0-1+deb7u4.debian.tar.gz
71162084b6aaeeab290c28956034df01 439286 misc optional spice-client_0.11.0-1+deb7u4_amd64.deb
26a93ca929bdc9ac2283c6f355c9c0ca 377032 libs optional libspice-server1_0.11.0-1+deb7u4_amd64.deb
4210d242374e1f4d23f221bd33ca629e 458250 libdevel optional libspice-server-dev_0.11.0-1+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlimOdVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkRjcP/jOfv9HEU+xOIjoX7Z5NiW3RYLk+PUxmt/Wf
BS/Ue+R8sMW9CsHGE5EeJw4a34zwlRBfFOmEMxAyqp+q1CnwVZ2/njlmTujhZJjV
KA6917O7fsh8ac3qPM5FteQI+P7IL23iijerPMy7ZPGZmvP0UykCMqR0F02pmSqx
bsNQ4RnbNWQ/tjdCBpPrN4xRYjQyEgZ5VS7CDW7RhLBAID+vPPIoRGabckim7WqS
PQ50+OG+UkVE7fLZHtZ883NdhTIv2h3USTa8mBrZwPPUZOmfwhD8MRCHri8LN+SS
V6VfkVjYiSQ3BYhrIkJsdiU7nCdcZFioElWxK765HFVB5TPZvBpw4JE6h0MtTVeN
/sPmcHg3XSBCJ5s2i+se1Je4NkqU1ulPlFHmcgktthWpat3RnYY/rI4fAmoD51kf
eG1EFe2kL+/s0suM7CD5QtOJijlNvG+aq+WXTvIylqKrn0c9Z2x86Se240fjhiq8
8ZGh1czYXuEGoK1aexh4gNhPGcm18NlkEsGWDjIWiqhjB7g2HigSFMyw4pmWlljS
KZw/ML/xVsjg2i8jaxd/SPdY1rAfVAum/oHqQWqlzoxS0v0foptctM84oumpimms
pqldRG1GwE+PAAz8V1Lpc/zh1kTIMP/MsX+TIUso+4ur0hy55mAMdwY6Ga13kr8f
r7enLmGx
=OpdN
-----END PGP SIGNATURE-----