spice (0.14.3-1ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
subprojects/spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:00:18 -0400