Accepted spice 0.12.5-1+deb8u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Oct 2015 23:02:42 +0200
Source: spice
Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev
Architecture: source
Version: 0.12.5-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 801089 801091
Description:
libspice-server-dev - Header files and development documentation for spice-server
libspice-server1 - Implements the server side of the SPICE protocol
libspice-server1-dbg - Debugging symbols for libspice-server1
spice-client - Implements the client side of the SPICE protocol
Changes:
spice (0.12.5-1+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add series of patches for CVE-2015-5260 and CVE-2015-6261.
CVE-2015-5260: insufficient validation of surface_id parameter can cause
crash. (Closes: #801089)
CVE-2015-5261: host memory access from guest using crafted images.
(Closes: #801091)
Checksums-Sha1:
5e2164701b4d53748cea23a39230c08bfcc14759 2355 spice_0.12.5-1+deb8u2.dsc
9df0315e5d107869b57960ac5954d9e2ba5abf36 24968 spice_0.12.5-1+deb8u2.debian.tar.xz
Checksums-Sha256:
9c68b917fe393e4544d2970ec5a5506d187a60194cb8ee958332488d5beeb13d 2355 spice_0.12.5-1+deb8u2.dsc
2941836cec7e3d4c9f2e46bb0c859fcc6cfb305ba1503e6f8317d90fc0b6d9ec 24968 spice_0.12.5-1+deb8u2.debian.tar.xz
Files:
6c1e0bbfcd8b651e193829d212d370bd 2355 misc optional spice_0.12.5-1+deb8u2.dsc
b4c866c1fd31f4fd54c65c41a68ddc4c 24968 misc optional spice_0.12.5-1+deb8u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWFDhoAAoJEAVMuPMTQ89Eq1EP/jQoKDKYj/IynAzE6E+6imLv
pbHb/ErLGn/mWaScc5B7d8Wpt/SMqI/7qYL863pHDSIM60r0m8lZg7aNdsNUXudJ
EKyqxGcwjtDtmX3TKrn6UTcTZoOESKX/yfZf3zaZr6uqISftfBzwlJGN2a/uwMRw
G0OMKDpMhEgTHdRZbvMtUNXr5d96hrUCvkkk7G/6Z1UmbmFjNNEPrJr4LVnLONMG
nfFyJVKfxZAZ9T3HLz2X+BLRh35eIO4rRSjjPOC14aY0udzT4vaPNFbSwBd+4wq1
3tzRgL+lLSaW3R+Pciejpmoz20Q3A3oFvWuSW6H9AVL/F+GLVhXy3+Y7DL3PD0q7
W/t7a7x5gRlqOQclu36FF992tH1RKtPcsJOwsn57pGkcURhdca2Bq3CIoyezc8QF
0JQ6Z4TNX2Og/ONWd8mhBrPy9YXPLuTbmxl5NJJuUdsmxRh7r81J+7+Z/nEpI3SM
5MdZjKw0q/BwciW+eIxjJGk2MKBhqKqrSxh+UmlJpar2wQPkgJnxxRAJIrOsY/dq
OkWU/sgkHc+G9uGP3/BTUBLs9MxWFy42igELKphfTio69KiR1vh8lvlehWBBYS/l
eN3wSSql8ylfgnn07mraWELNrjhGBN3/DEolkItVVhHx+ZYUCv9mz78A1yQg5Vmw
GFJiGKtJ6oX7uychO+mU
=gLq1
-----END PGP SIGNATURE-----
Reply to: