-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 06 Oct 2015 23:02:42 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source Version: 0.12.5-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Liang Guo <guoliang@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 801089 801091 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements the client side of the SPICE protocol Changes: spice (0.12.5-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add series of patches for CVE-2015-5260 and CVE-2015-6261. CVE-2015-5260: insufficient validation of surface_id parameter can cause crash. (Closes: #801089) CVE-2015-5261: host memory access from guest using crafted images. (Closes: #801091) Checksums-Sha1: 5e2164701b4d53748cea23a39230c08bfcc14759 2355 spice_0.12.5-1+deb8u2.dsc 9df0315e5d107869b57960ac5954d9e2ba5abf36 24968 spice_0.12.5-1+deb8u2.debian.tar.xz Checksums-Sha256: 9c68b917fe393e4544d2970ec5a5506d187a60194cb8ee958332488d5beeb13d 2355 spice_0.12.5-1+deb8u2.dsc 2941836cec7e3d4c9f2e46bb0c859fcc6cfb305ba1503e6f8317d90fc0b6d9ec 24968 spice_0.12.5-1+deb8u2.debian.tar.xz Files: 6c1e0bbfcd8b651e193829d212d370bd 2355 misc optional spice_0.12.5-1+deb8u2.dsc b4c866c1fd31f4fd54c65c41a68ddc4c 24968 misc optional spice_0.12.5-1+deb8u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWFDhoAAoJEAVMuPMTQ89Eq1EP/jQoKDKYj/IynAzE6E+6imLv pbHb/ErLGn/mWaScc5B7d8Wpt/SMqI/7qYL863pHDSIM60r0m8lZg7aNdsNUXudJ EKyqxGcwjtDtmX3TKrn6UTcTZoOESKX/yfZf3zaZr6uqISftfBzwlJGN2a/uwMRw G0OMKDpMhEgTHdRZbvMtUNXr5d96hrUCvkkk7G/6Z1UmbmFjNNEPrJr4LVnLONMG nfFyJVKfxZAZ9T3HLz2X+BLRh35eIO4rRSjjPOC14aY0udzT4vaPNFbSwBd+4wq1 3tzRgL+lLSaW3R+Pciejpmoz20Q3A3oFvWuSW6H9AVL/F+GLVhXy3+Y7DL3PD0q7 W/t7a7x5gRlqOQclu36FF992tH1RKtPcsJOwsn57pGkcURhdca2Bq3CIoyezc8QF 0JQ6Z4TNX2Og/ONWd8mhBrPy9YXPLuTbmxl5NJJuUdsmxRh7r81J+7+Z/nEpI3SM 5MdZjKw0q/BwciW+eIxjJGk2MKBhqKqrSxh+UmlJpar2wQPkgJnxxRAJIrOsY/dq OkWU/sgkHc+G9uGP3/BTUBLs9MxWFy42igELKphfTio69KiR1vh8lvlehWBBYS/l eN3wSSql8ylfgnn07mraWELNrjhGBN3/DEolkItVVhHx+ZYUCv9mz78A1yQg5Vmw GFJiGKtJ6oX7uychO+mU =gLq1 -----END PGP SIGNATURE-----