[SECURITY] [DSA 3907-1] spice security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3907-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : spice
CVE ID : CVE-2017-7506
Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol
client and server library which may result in memory disclosure, denial
of service and potentially the execution of arbitrary code.
For the oldstable distribution (jessie), this problem has been fixed
in version 0.12.5-1+deb8u5.
For the stable distribution (stretch), this problem has been fixed in
version 0.12.8-2.1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your spice packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlllQ20ACgkQEMKTtsN8
TjbpaQ//ROlmyl4JVodVQAk8DjVYPogV48ec4deaK2eoUZjbdtnD7MMgbCVpfXwy
S28rbzVm8hLIq0Wkz7ypCRVF0PDtlAyY7xBgzRPwzeA6TmzZIh5DGHoX3vPEdCB5
i4nyYKvYJ6LZdtbAyWOIVfuJHAcOEKfNm5nAB2jTrb0zFOArzjYpIRM2qxPl4OPq
u+eFgFd0KF+VXoEPkuINl5FgRdO2ykWQUeP1U22KNUcR6cwWLLtpx+1E9eV5Y6RN
Ii3RzEJQLTmAemHE2cp19I66bbVWWtgUXFzePeNGr6zYM8K/o+g5O0dPdGbuo8Md
E3KUyQlBSLAm+fH1WPu59Q5HaQBPHy9jDMQHqeOLIB9/i75JQ5Y84he3FupsAvJl
EdbU/iAzc7mBCFfhec+rVZkabo/9GW4JeIH55fyeikcYDpqnzrr7NbAZMUz1XGtj
Lqv6mC5yG6WpFSq8rGyPjxKyUbzy37caB8E5M4rtP8Jk8QfXh2cheZ2T5LkvjjYA
AnAmTF4OF2cnwBwu3shzxWXxYx9ln8JNYywJJ/7qa/q8MZqWrEq9nMhR0CVqqim4
YEzRl2ztImL1RnA3JzbLDlC5k8jARs5gXOpAr0JfZRusk8+shnEY7YvxTRQtgjB7
GwfBPJ1eILuqpQiGSIyOvApUmoFKXCNB3miu2IyIBBdrszHGHkA=
=hBBD
-----END PGP SIGNATURE-----
Reply to: