Back to spice PTS page

Accepted spice 0.12.5-1+deb8u6 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted spice 0.12.5-1+deb8u6 (source amd64) into oldstable
From: Mike Gabriel <sunweaver@debian.org>
Date: Fri, 31 Aug 2018 21:00:23 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1fvqWl-0007nh-RN@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 31 Aug 2018 20:44:48 +0200
Source: spice
Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev
Architecture: source amd64
Version: 0.12.5-1+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
 libspice-server1-dbg - Debugging symbols for libspice-server1
 spice-client - Implements the client side of the SPICE protocol
Changes:
 spice (0.12.5-1+deb8u6) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-10873:
     A vulnerability was discovered in SPICE before version 0.14.1 where
     the generated code used for demarshalling messages lacked sufficient
     bounds checks. A malicious client or server, after authentication,
     could send specially crafted messages to its peer which would result
     in a crash or, potentially, other impacts.
     .
     Fix: Bail out with an error if the pointer to the start of some
     message data is strictly greater than the pointer to the end of the
     message data.
     .
     See review comments in debian/patches/CVE-2018-10873.patch about
     potential weaknesses of this fix.
Checksums-Sha1:
 08ffd2a001aa30123c047dd3c7ad91688dc95179 2398 spice_0.12.5-1+deb8u6.dsc
 2fabe47611cac6b43b3c2c61e400d7375f06e16a 1737169 spice_0.12.5.orig.tar.bz2
 a0c57412a805615c21d05bbb88693422f5fba75b 32528 spice_0.12.5-1+deb8u6.debian.tar.xz
 18b30b59aa86c94369e7c861dc3663f52f64cf5b 494628 spice-client_0.12.5-1+deb8u6_amd64.deb
 f9186feee231617f3f50e0fca64ca4b384ff8134 473024 libspice-server1_0.12.5-1+deb8u6_amd64.deb
 e1f73e015a8627438efbece0119688422870de6b 1213574 libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb
 7ff3356af483af2fe36d350c447f49b13e2b501d 507340 libspice-server-dev_0.12.5-1+deb8u6_amd64.deb
Checksums-Sha256:
 759602fa0978bd77063ce72af9ea424919ff63bb954d602afd20d686cf84c12f 2398 spice_0.12.5-1+deb8u6.dsc
 4209a20d8f67cb99a8a6ac499cfe79a18d4ca226360457954a223d6795c2f581 1737169 spice_0.12.5.orig.tar.bz2
 028e5620545e5b447f565e6505b4643daa2467adc61aedb1177644e7c39bceb5 32528 spice_0.12.5-1+deb8u6.debian.tar.xz
 c4ce7952b70628856d1a66954849225b747e70d64bb1dbffb6050cef989a0238 494628 spice-client_0.12.5-1+deb8u6_amd64.deb
 942d80ad05524066643f58075df470587968bde395c25e0a6e98f39e55aa9955 473024 libspice-server1_0.12.5-1+deb8u6_amd64.deb
 31087232f91ed17caeb3dcf951f2e0097f1e1013fd3ae72592fc151bac433312 1213574 libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb
 c0da8de6583a2194fa0a8ecc954b597827d67623688ca8517ad2badc23e94243 507340 libspice-server-dev_0.12.5-1+deb8u6_amd64.deb
Files:
 a9df62402ff8712d0dd68e8ac7ac19a3 2398 misc optional spice_0.12.5-1+deb8u6.dsc
 1256286214fe402703c0a01bd3a85319 1737169 misc optional spice_0.12.5.orig.tar.bz2
 70e542e318aa8abb8a0192dc33270180 32528 misc optional spice_0.12.5-1+deb8u6.debian.tar.xz
 76dfeb14f31b43c60da300a13b317de4 494628 misc optional spice-client_0.12.5-1+deb8u6_amd64.deb
 14125295758c019722375c7cbf7bbf7b 473024 libs optional libspice-server1_0.12.5-1+deb8u6_amd64.deb
 a53d9aeaf6a95cdc89ba8ce8ac2d0893 1213574 debug extra libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb
 598643136be5cc00da0366353c789552 507340 libdevel optional libspice-server-dev_0.12.5-1+deb8u6_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluJqBwVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx9coP/24xh2nTKIvo0w1Fb4zDiEMFHBUA
A2WcthvA6eoqcu0tf4WzzE42P28vgy3S26kYIIqRK1d+RNKjzHe3P0XJNw/95S2C
vJ+T4qoJDmWhsDTh9fFLouvuCCEOXNYMFOgP7Ft1EMu49JdtjfMOPP5OcDLcw4xb
jHPOVCe+jd4xRkIEoY9HgdxaF/VMx+uo3Goq6NQaILguMyVXcEQXxdFx3kMs5jH3
5blIWXGhI/41knKti5a8oppsuOSvgyE1tLid309i5Whkd8bliiah0SFOPN/1H4IS
h3zt4quVK43n+HsX6LMvPufS1uJIvcYpPICNSgCJrpbGyYMsT/GLXK3zRdmMyMSI
jeEZOizvvWbjtqujyWnse8apSqeT21glMgn9KrQiGU3HqZuONABiiuxQm+o/ZyzA
O2Jnh2+MMSrQio9kEnWwbA08MFIUJUC4F53uDTWAda6UqsPwhsazopCGsGAbUJ5F
1Y0wJu06m6gqCqBqWnzKJs/++FVBMxsybtyEmQ33vG5IeLcoes/W61Mj3F4rBTg0
j8NVgw/1byG3euzIwCZjTwKw6LGVZLQFsXU5loBf+lPTzFv4CzEE4ftK+fWZilA3
sqXRcCs8g29VrI2bQAA6Cyj3FjlfbGswv6Z8am7vlM2DaEHyQ+L1AE6kYTBKlam/
CEzmSMB12JzMhFVR
=7DLm
-----END PGP SIGNATURE-----