-
spice (0.12.6-4ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:15:42 -0400
-
spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in
server/red_memslots.c.
- CVE-2019-3813
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:45:07 -0500
-
spice (0.12.6-4ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow via invalid monitor configurations
- debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
overly big ClientMonitorsConfig in server/reds.c.
- debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
handling monitor configuration in server/reds.c.
- debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
monitor configuration in server/reds.c.
- CVE-2017-7506
-- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:34:33 -0400
-
spice (0.12.6-4ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: overflow when reading large messages
- debian/patches/CVE-2016-9577.patch: check size in
server/main_channel.c.
- CVE-2016-9577
* SECURITY UPDATE: DoS via crafted message
- debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
- debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
- CVE-2016-9578
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:02:33 -0500
-
spice (0.12.6-4ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
memory allocation flaw in smartcard interaction
- debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
msg with the expected size in server/smartcard.c.
- CVE-2016-0749
* SECURITY UPDATE: host memory access from guest with invalid primary
surface parameters
- debian/patches/CVE-2016-2150/*.patch: create a function to validate
surface parameters in server/red_parse_qxl.*, improve primary surface
parameter checks in server/red_worker.c.
- CVE-2016-2150
-- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400
-
spice (0.12.6-4) unstable; urgency=medium
* stop depending libspice-server-dev on libcacard-dev (#802413).
Instead, remove mention of libcacard from the .pc file, as it
is not actually used when building with libspice-server.
* remove Requires.private defs from .pc file -- we're not building static
libs, but if Requires.private is present, pkg-config requires the other
.pc files to be present too, which is wrong (Closes: #803926)
-- Michael Tokarev <email address hidden> Fri, 06 Nov 2015 10:43:55 +0300
-
spice (0.12.5-1.1ubuntu2) wily; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2015-526x/*.patch: apply series of patches from
Red Hat to fix overflows, race conditions, memory leaks and denial of
service issues.
- CVE-2015-5260
- CVE-2015-5261
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2015 12:29:46 -0400