[ubuntu/cosmic-proposed] spice 0.14.0-1ubuntu3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed May 23 19:23:16 UTC 2018
spice (0.14.0-1ubuntu3) cosmic; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
Date: Tue, 22 May 2018 14:53:01 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 May 2018 14:53:01 -0300
Source: spice
Binary: libspice-server1 libspice-server-dev
Architecture: source
Version: 0.14.0-1ubuntu3
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
libspice-server-dev - Header files and development documentation for spice-server
libspice-server1 - Implements the server side of the SPICE protocol
Changes:
spice (0.14.0-1ubuntu3) cosmic; urgency=medium
.
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
Checksums-Sha1:
0d32e5fabc30313ddbe3f1d1fd28ca411cd8ae55 2741 spice_0.14.0-1ubuntu3.dsc
4a47e1ff4585cff6f7212368e552ea379d19c1aa 17852 spice_0.14.0-1ubuntu3.debian.tar.xz
7f9dc83659dd95984d9ed0984ae83348ec4668d7 14931 spice_0.14.0-1ubuntu3_source.buildinfo
Checksums-Sha256:
d3daa3da9359fdc9fd5de344b42bf9686839b9ded96412851e3bd41e053677b0 2741 spice_0.14.0-1ubuntu3.dsc
88d0be84908962bcf95582b75a2d7bf9bc2d1643132baebe3bff63065a03664a 17852 spice_0.14.0-1ubuntu3.debian.tar.xz
282d46d566ccedda230d031839b53e7e000db4d986e63dce53590ac1217a1393 14931 spice_0.14.0-1ubuntu3_source.buildinfo
Files:
c79f6d83d2204aa9c3877c3c51f1816d 2741 misc optional spice_0.14.0-1ubuntu3.dsc
172001c205efaadf25c207db91ed27a3 17852 misc optional spice_0.14.0-1ubuntu3.debian.tar.xz
070cef2c99e35d658a93241f4d4f08e8 14931 misc optional spice_0.14.0-1ubuntu3_source.buildinfo
Original-Maintainer: Liang Guo <guoliang at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsFvfYACgkQZWnYVadE
vpPxEg//acfkn1ifJYb7srKEOOK9z3HZkOvw2hZZrCrX1+u5Vud2THyH09T/pe75
oDrw68HY9TD5xdSUN6baC1S8lCqgTDwhWh5gSSUlU9IPxsbIuKsRwN6WFg1R1+ak
5Kl++vfrDcGt/zG1/JBR33tFyu8Bp+hr0sJhB+gKhcRlUlrTkL5Ucis1CIvecpjD
LVIJmnCgsBS4XIBfpy3W8LUR0AEPfSEBuL8D8AFxdT5UbS5ZmzmRUFeUsH7+Fb38
cR1yeIuxS4sk7FY6NwKkZNKh+//h40KedXoP3KzbuCOn5Ke9Sy/C5DqljoN0PzET
KLv/5ZtB7Ix7LLN25OgZDkPu4ErEn20Fyj+7hpajUY8u8owCaQcrKy7hYxbQCfEI
HEYtR7K4jvgM2zIiY5ulVfjd4YsikBqdzbJymyjaJppnIi84zWfXRi54V/jE23KP
9+4ibOyxowVgtTh6fkwxUnDEBjTrbeGXtyIWOJjTvTo7V9HCaaE8cJmgnFKgzzml
vhIIauAd0JkCfaazIfIjU0UXIa9VGCbVZwSGfV0O4KS/yKxhtqWs6L/6YxzDS2WU
EF2dLNYOXMLRFONxhhhK2ev7V+UpKprxszHbvI6VGj97jOnputqMAKDj+Rqwh7zG
kfJXMJHQe5WXqYdco2iyiDBDpKZfGU900LoADU1dvIhldHrC1TM=
=1kxO
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list