-
spice (0.14.0-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:12:53 -0400
-
spice (0.14.0-1ubuntu2.4) bionic-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c,
add tests to server/tests/test-qxl-parsing.c.
- CVE-2019-3813
* debian/tests/automated-tests: fix incorrect test name, don't fail on
build writing to stderr.
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:00:10 -0500
-
spice (0.14.0-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10873.patch: fix in
spice-common/python_modules/demarshal.py,
- CVE-2018-10873
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:44:02 -0300
-
spice (0.14.0-1ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:33:20 -0300
-
spice (0.14.0-1ubuntu2) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Tue, 06 Feb 2018 17:55:31 +0000
-
spice (0.14.0-1ubuntu1) bionic; urgency=medium
* Don't recommend -ugly or -libav gstreamer plugins since they
are in universe
-- Jeremy Bicha <email address hidden> Wed, 01 Nov 2017 21:55:03 -0400
-
spice (0.14.0-1) unstable; urgency=medium
* New upstream release
* debian/copyright: refresh
* debian/control:
- Add liborc-0.4-dev to Build-Depends
- Update Build-Depends on debhelper to >= 10
- Remove dh-autoreconf from Build-Depends
- Bump Standards-Version to 4.1.1 (no changes)
- Use https in Homepage
* debian/compat, bump to 10
* debian/watch, switch to https
-- Liang Guo <email address hidden> Thu, 19 Oct 2017 14:35:54 +0800
-
spice (0.12.8-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2017-7506: (Closes: #868083)
Possible buffer overflow via invalid monitor configurations.
-- Markus Koschany <email address hidden> Fri, 21 Jul 2017 23:34:38 +0200
