Accepted spice 0.14.0-1.3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Oct 2020 09:31:09 +0200
Source: spice
Architecture: source
Version: 0.14.0-1.3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
spice (0.14.0-1.3+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* quic: Check we have some data to start decoding quic image
(CVE-2020-14355)
* quic: Check image size in quic_decode_begin (CVE-2020-14355)
* quic: Check RLE lengths (CVE-2020-14355)
* quic: Avoid possible buffer overflow in find_bucket (CVE-2020-14355)
Checksums-Sha1:
3f2bc9790266e9ec8644108067209d0df61fccd0 2842 spice_0.14.0-1.3+deb10u1.dsc
93e42588d1aac0a3c127ada1e5d8f40be84776a9 1330195 spice_0.14.0.orig.tar.bz2
31c7e25eb47b001a8600dc0469d1fd118ebb57de 21832 spice_0.14.0-1.3+deb10u1.debian.tar.xz
Checksums-Sha256:
96f305ce0ae1cc09c61146b6c970c7a1ecca69ec4e82b46005a44c5577f6e742 2842 spice_0.14.0-1.3+deb10u1.dsc
3adb9495b51650e5eab53c74dd6a74919af4b339ff21721d9ab2a45b2e3bb848 1330195 spice_0.14.0.orig.tar.bz2
08ae1cdbbc144374f07dae42e642f8d23ba053c5d5570e104c0cc1a23b5b0f2d 21832 spice_0.14.0-1.3+deb10u1.debian.tar.xz
Files:
5102d8ad47b79c1ef4b1e5bbb8e6936c 2842 misc optional spice_0.14.0-1.3+deb10u1.dsc
6622aa7dfb5cd026a4d0d7e659216d26 1330195 misc optional spice_0.14.0.orig.tar.bz2
e332aa4d6db970eb85a245c334474cfb 21832 misc optional spice_0.14.0-1.3+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+Bg0dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EkrIP/RHTKG/zc6ghV5XBvQ7FgbDYe7DTHZLL
Cyb9oM7dKQEi2GZQbxFhlHQ+CpMkuWvWRsXnLXr3uHpHjMz+PTiig0D3wj+zPJ71
e8x/v3s4v7EIKneNQ0crnPKtpOKyVfPD4D2VwCFjmyIyTui8bY6+HYf22P8KgVPa
wWa3uegt6+UHE2YZT5RGTS5F2h3HwPGdX5oYRmJSNctw07zXssMypEpN3XIrSkGm
kcBxeeWp/Whjez3XY8NYuHHqJBlhOLHYG5MuO+DG0p28SVTfnnbdnEmsn5f8OOCO
so4owWH+8yHWa+Sc4cWgpw8b5X+ALGjA0PbS32lSAP6xgQGqY0zU7YNcJnuC4xY4
QywIz0+bZYO5nto5mFHITPA8o98RBW3NBUtKpN49jfYMmjf/DOkybRMCJwobVh3c
pYyNDtkEgAHXiMETbbb05V10HTbD5IhfKd3r6x3ji/uc1wSvxXFEei5bmvVP+u3g
u6Gs9bqAUEI+LMMPPI4eYFFG5B/nJMRc4WN12VlwgD5ufhBQAHZJl/IJsxMAYYeX
HPM3Iusy1TBnStK+tCoefQtiegcnCo05tURbUpDdPi9kIZ9hnljhJzsnscaspJVO
paE3i1Fx2j1B1Q+NFX020RIvZAy0Qht7UBSzqshrl/AN/omxKlPfWuWVg5HSJPbQ
m+kH9+JxCOOb
=8tOm
-----END PGP SIGNATURE-----
Reply to: