Publishing details

• Created on 2020-10-06 by Ubuntu Archive Auto-Sync
• Removed from disk on 2021-12-23.
• Removal requested on 2021-12-22.
• Published on 2020-10-06

Changelog

spice (0.14.3-1ubuntu2) groovy; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
    - debian/patches/CVE-2020-14355-1.patch: check we have some data to
      start decoding quic image in subprojects/spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-2.patch: check image size in
      quic_decode_begin in subprojects/spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
      subprojects/spice-common/common/quic_tmpl.c.
    - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
      in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
    - CVE-2020-14355

 -- Marc Deslauriers <email address hidden>  Thu, 01 Oct 2020 07:00:18 -0400

Builds

• amd64
• arm64
• armhf
• ppc64el

Package files

• libspice-server-dev_0.14.3-1ubuntu2_amd64.deb (10.4 KiB)
• libspice-server-dev_0.14.3-1ubuntu2_arm64.deb (10.4 KiB)
• libspice-server-dev_0.14.3-1ubuntu2_armhf.deb (10.4 KiB)
• libspice-server-dev_0.14.3-1ubuntu2_ppc64el.deb (10.4 KiB)
• libspice-server1-dbgsym_0.14.3-1ubuntu2_amd64.ddeb (1.7 MiB)
• libspice-server1-dbgsym_0.14.3-1ubuntu2_arm64.ddeb (1.6 MiB)
• libspice-server1-dbgsym_0.14.3-1ubuntu2_armhf.ddeb (1.6 MiB)
• libspice-server1-dbgsym_0.14.3-1ubuntu2_ppc64el.ddeb (1.8 MiB)
• libspice-server1_0.14.3-1ubuntu2_amd64.deb (332.1 KiB)
• libspice-server1_0.14.3-1ubuntu2_arm64.deb (299.8 KiB)
• libspice-server1_0.14.3-1ubuntu2_armhf.deb (284.4 KiB)
• libspice-server1_0.14.3-1ubuntu2_ppc64el.deb (367.2 KiB)
• spice_0.14.3-1ubuntu2.debian.tar.xz (18.4 KiB)
• spice_0.14.3-1ubuntu2.dsc (2.7 KiB)
• spice_0.14.3.orig.tar.bz2 (1.4 MiB)