-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 05 Oct 2020 09:31:09 +0200 Source: spice Architecture: source Version: 0.14.0-1.3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Liang Guo <guoliang@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: spice (0.14.0-1.3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * quic: Check we have some data to start decoding quic image (CVE-2020-14355) * quic: Check image size in quic_decode_begin (CVE-2020-14355) * quic: Check RLE lengths (CVE-2020-14355) * quic: Avoid possible buffer overflow in find_bucket (CVE-2020-14355) Checksums-Sha1: 3f2bc9790266e9ec8644108067209d0df61fccd0 2842 spice_0.14.0-1.3+deb10u1.dsc 93e42588d1aac0a3c127ada1e5d8f40be84776a9 1330195 spice_0.14.0.orig.tar.bz2 31c7e25eb47b001a8600dc0469d1fd118ebb57de 21832 spice_0.14.0-1.3+deb10u1.debian.tar.xz Checksums-Sha256: 96f305ce0ae1cc09c61146b6c970c7a1ecca69ec4e82b46005a44c5577f6e742 2842 spice_0.14.0-1.3+deb10u1.dsc 3adb9495b51650e5eab53c74dd6a74919af4b339ff21721d9ab2a45b2e3bb848 1330195 spice_0.14.0.orig.tar.bz2 08ae1cdbbc144374f07dae42e642f8d23ba053c5d5570e104c0cc1a23b5b0f2d 21832 spice_0.14.0-1.3+deb10u1.debian.tar.xz Files: 5102d8ad47b79c1ef4b1e5bbb8e6936c 2842 misc optional spice_0.14.0-1.3+deb10u1.dsc 6622aa7dfb5cd026a4d0d7e659216d26 1330195 misc optional spice_0.14.0.orig.tar.bz2 e332aa4d6db970eb85a245c334474cfb 21832 misc optional spice_0.14.0-1.3+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+Bg0dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EkrIP/RHTKG/zc6ghV5XBvQ7FgbDYe7DTHZLL Cyb9oM7dKQEi2GZQbxFhlHQ+CpMkuWvWRsXnLXr3uHpHjMz+PTiig0D3wj+zPJ71 e8x/v3s4v7EIKneNQ0crnPKtpOKyVfPD4D2VwCFjmyIyTui8bY6+HYf22P8KgVPa wWa3uegt6+UHE2YZT5RGTS5F2h3HwPGdX5oYRmJSNctw07zXssMypEpN3XIrSkGm kcBxeeWp/Whjez3XY8NYuHHqJBlhOLHYG5MuO+DG0p28SVTfnnbdnEmsn5f8OOCO so4owWH+8yHWa+Sc4cWgpw8b5X+ALGjA0PbS32lSAP6xgQGqY0zU7YNcJnuC4xY4 QywIz0+bZYO5nto5mFHITPA8o98RBW3NBUtKpN49jfYMmjf/DOkybRMCJwobVh3c pYyNDtkEgAHXiMETbbb05V10HTbD5IhfKd3r6x3ji/uc1wSvxXFEei5bmvVP+u3g u6Gs9bqAUEI+LMMPPI4eYFFG5B/nJMRc4WN12VlwgD5ufhBQAHZJl/IJsxMAYYeX HPM3Iusy1TBnStK+tCoefQtiegcnCo05tURbUpDdPi9kIZ9hnljhJzsnscaspJVO paE3i1Fx2j1B1Q+NFX020RIvZAy0Qht7UBSzqshrl/AN/omxKlPfWuWVg5HSJPbQ m+kH9+JxCOOb =8tOm -----END PGP SIGNATURE-----