Publishing details

Removed from disk on 2018-01-22.
Removal requested on 2018-01-22.
Published on 2016-06-21
Copied from ubuntu wily in PPA for Ubuntu Security Proposed by Ubuntu Archive Robot

Changelog

spice (0.12.5-1.1ubuntu2.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150
  * Added two extra commits to previous security update:
    - 0001-worker-validate-correctly-surfaces.patch
    - 0002-worker-avoid-double-free-or-double-create-of-surface.patch

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jun 2016 10:54:26 -0400

Publishing details

Changelog

Available diffs

Builds

Package files