Bug#855258: unblock: spice/0.12.8-2.1
Control: tags -1 moreinfo
On 16/02/17 06:06, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi
>
> Please unblock package spice
>
> It fixes two CVEs, CVE-2016-9577 CVE-2016-9578, reported by Moritz as
> #854336. Markus Koschany fixed it as:
>
> +spice (0.12.8-2.1) unstable; urgency=medium
> +
> + * Non-maintainer upload.
> + * Add CVE-2016-9577-and-CVE-2016-9578.patch:
> + - CVE-2016-9577: A buffer overflow vulnerability in
> + main_channel_alloc_msg_rcv_buf was found that occurs when reading large
> + messages due to missing buffer size check.
> + - CVE-2016-9578: A vulnerability was discovered in the server's
> + protocol handling. An attacker able to connect to the spice server could
> + send crafted messages which would cause the process to crash.
> + (Closes: #854336)
> +
> + -- Markus Koschany <apo@debian.org> Mon, 13 Feb 2017 21:42:01 +0100
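Review bot: the CVE-2016-9578 item in this changelog entry does not say which part of the server's protocol handling is changed, whereas the CVE-2016-9577 item names main_channel_alloc_msg_rcv_buf and the missing buffer size check. Both fixes are also carried in a single file, CVE-2016-9577-and-CVE-2016-9578.patch, so the entry gives no way to tell which change addresses which CVE. Naming the affected function or message for CVE-2016-9578, or splitting the patch per CVE, would make the entry easier to check against the debdiff.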
>
> Attached the resulting debdiff from the version in testing.
>
> unblock spice/0.12.8-2.1

That failed to build on mips(64)el:

https://buildd.debian.org/status/package.php?p=spice

Cheers,
Emilio