[ubuntu/artful-proposed] spice 0.12.8-2.1ubuntu0.1 (Accepted)

[Marc Deslauriers]

spice (0.12.8-2.1ubuntu0.1) artful; urgency=medium

  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

Date: Tue, 18 Jul 2017 13:30:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/spice/0.12.8-2.1ubuntu0.1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Jul 2017 13:30:46 -0400
Source: spice
Binary: libspice-server1 libspice-server-dev
Architecture: source
Version: 0.12.8-2.1ubuntu0.1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
Changes:
 spice (0.12.8-2.1ubuntu0.1) artful; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow via invalid monitor configurations
     - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
       overly big ClientMonitorsConfig in server/reds.c.
     - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
       handling monitor configuration in server/reds.c.
     - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
       monitor configuration in server/reds.c.
     - CVE-2017-7506
Checksums-Sha1:
 bf97c60a7fff81f428dc04eb9e0c0f3fed35a77d 2493 spice_0.12.8-2.1ubuntu0.1.dsc
 20316cae136e93c9f4183b7f35ccb0f4e89ddaf3 11648 spice_0.12.8-2.1ubuntu0.1.debian.tar.xz
 b80b6554d919c2f9f3104e9992602616aa00f52f 7388 spice_0.12.8-2.1ubuntu0.1_source.buildinfo
Checksums-Sha256:
 fef8ec4e4a57afe17f2503e4d00acb7b1a6a15ed8a8f943be1219a00d6add0fe 2493 spice_0.12.8-2.1ubuntu0.1.dsc
 2b3d4f8acb24fb95156c25d37b5ddcb6f14e5ca8f4d6c8eef15e30eb90e72fbd 11648 spice_0.12.8-2.1ubuntu0.1.debian.tar.xz
 57e8e66887d91128c98f1bb578201037170260ea61b04ab9fd9b6e86e7cfd74d 7388 spice_0.12.8-2.1ubuntu0.1_source.buildinfo
Files:
 6844dece821654ed40101bcb3779ad08 2493 misc optional spice_0.12.8-2.1ubuntu0.1.dsc
 c2630ad24b46fd0503ac0e3b40d1f272 11648 misc optional spice_0.12.8-2.1ubuntu0.1.debian.tar.xz
 04009f2f4a0fd027646f73284b174303 7388 misc optional spice_0.12.8-2.1ubuntu0.1_source.buildinfo
Original-Maintainer: Liang Guo <guoliang at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJZbloDAAoJEGVp2FWnRL6TNaUQAIzqj3wmJlHLGfP0VpwXpHQm
gRXt1lcyT84GUvLqE+NnFrkMESZz6ZNPGyzNXpxDVardT3x6u1WAto+isUEfeqLX
DYtQbLsUwFlOUFwoJ6jXBFrgpJ0UpZ+LMSJ7LHIZgEULb3joR7WSp2vnv/gddq2b
epO6aJ+pMLEHGhj/96PbiP7bcfasQdIQkH/MRu0XQaUd81Aokwt7n5roPaBz5Ons
kvAoRpHosswrbTEfjwpRV9bDrsa4VC34Sz48ZT3zfvwS9Ot4iTxmK1onF7jxDctE
92UbMcwTdJlB1AruuBM20h5rvr9/MF1M/AUlo5uFkAGlWNJMJRzKceRojoHAfiF+
NewyedSAt6dRbrz+S9DAF/+37ZLyCSOSNVfdzeweooa51szatdFH4RXq4Smbc/Ca
4VH4zKWVrTaq8Mrniux/QgDCBASmuPxtEXJJfjN+nxBu3REdA9urMlyz9+4OwprM
fbqISeYBh1Ae1wC1RGnm+b5PQWAabwV7jQ3vPCNVExgQxBA7IsEBWhWytXqB6D8f
FCJUA7MDT0CmymjYMT/6i1GxBmC3jN5ARZOa7Ej8FWb24GQrYPXB2fCdh94gAxwq
Fy0BBWt1QMMjbmMTSYkHX36FjkbzyCTqxEbAVCtZd3155iEObbUikguiZKjEEWu0
SRhsWUN5M7HvKLQfoTGZ
=iCTG
-----END PGP SIGNATURE-----