Publishing details
Changelog
spice-vdagent (0.20.0-1ubuntu0.1~ubuntu20.04.1~ppa1) focal; urgency=medium
* No-change backport to focal
spice-vdagent (0.20.0-1ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
Table
- debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
transfers in src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
active_xfers allocations in src/vdagentd/vdagentd.c.
- CVE-2020-25650
* SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
active_xfers Hash Map
- debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
client disconnects in src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25651-2.patch: do not allow using an already
used file-xfer id in src/vdagentd/vdagentd.c.
- CVE-2020-25651
* SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
- debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
connections in src/udscs.c.
- debian/patches/CVE-2020-25652-2.patch: limit number of agents per
session to 1 in src/vdagentd/vdagentd.c.
- CVE-2020-25652
* SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
is Subject to Race Condition
- debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
in src/vdagent-connection.c, src/vdagent-connection.h,
src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25653-2.patch: better check for sessions in
src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
src/vdagentd/vdagentd.c.
- CVE-2020-25653
* Additional fixes:
- debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
src/vdagentd/vdagentd.c.
spice-vdagent (0.20.0-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Fix race fixes between client and guest clipboard (Closes: #854936)
- Bump libglib2.0-dev, libgtk-3-dev and libspice-protocol-dev BD
- Drop d/p/vdagentd-Fix-session-lookup-for-new-GNOME-versions.patch,
applied upstream
* debian/gbp.conf: Enable pristine-tar
* debian/control: Bump Standards-Version to 4.5.0 (no further changes)
* debian/rules: Do not pass --as-needed to the linker, this is the default now
* Import two patch from upstream to fix crash in containers and shutdown of
the daemon
-- Giacomo Tazzari <email address hidden> Wed, 04 Nov 2020 15:18:40 +0100
Builds
Built packages
-
spice-vdagent
Spice agent for Linux
Package files