-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 17 Feb 2017 00:22:08 +0100 Source: spice Binary: spice-client libspice-server1 libspice-server-dev Architecture: source amd64 Version: 0.11.0-1+deb7u4 Distribution: wheezy-security Urgency: high Maintainer: Liang Guo <guoliang@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol spice-client - Implements the client side of the SPICE protocol Closes: 854336 Changes: spice (0.11.0-1+deb7u4) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Add CVE-2016-9577-and-CVE-2016-9578.patch: - CVE-2016-9577: A buffer overflow vulnerability in main_channel_alloc_msg_rcv_buf was found that occurs when reading large messages due to missing buffer size check. - CVE-2016-9578: A vulnerability was discovered in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (Closes: #854336) Checksums-Sha1: adb2c01f4cc827be5456bad0272a951987224554 2441 spice_0.11.0-1+deb7u4.dsc 2c26e66e0e57f0c0037eaae81f04d8d19b044aca 35640 spice_0.11.0-1+deb7u4.debian.tar.gz 55823a7eb6adddd5290a2a8337baf6a08b959c5f 439286 spice-client_0.11.0-1+deb7u4_amd64.deb 903acb2e410cf022e5026e5f5ffc3b8765ae20f7 377032 libspice-server1_0.11.0-1+deb7u4_amd64.deb bd58c3681d9f427c1af57b8be14dccebd0c6f014 458250 libspice-server-dev_0.11.0-1+deb7u4_amd64.deb Checksums-Sha256: 45e47313b2d07951197425db10427db102a05ab1af4c13e72aaaec8531dcdcd6 2441 spice_0.11.0-1+deb7u4.dsc 218878e8bc1498cf263ddffac5adb12fe20f9bd3f3ab04f0f330587ffc8eacff 35640 spice_0.11.0-1+deb7u4.debian.tar.gz c814a125d8bdc94b7bbbe78b8dcfb008ff258107cace6498ac0de037324832d6 439286 spice-client_0.11.0-1+deb7u4_amd64.deb f2247eb93c3e6d8f3f62df7ca2600266e186bdddac04e3a5d3f8a1732b4f2104 377032 libspice-server1_0.11.0-1+deb7u4_amd64.deb 9e99b2dadb599b6f08e57c2611c4f78bd971420a56e8109b49e595da36b507f3 458250 libspice-server-dev_0.11.0-1+deb7u4_amd64.deb Files: 6c0f5a620b191c7965385c38953822e7 2441 misc optional spice_0.11.0-1+deb7u4.dsc 69eeecd074349ac184838f984bb4a82f 35640 misc optional spice_0.11.0-1+deb7u4.debian.tar.gz 71162084b6aaeeab290c28956034df01 439286 misc optional spice-client_0.11.0-1+deb7u4_amd64.deb 26a93ca929bdc9ac2283c6f355c9c0ca 377032 libs optional libspice-server1_0.11.0-1+deb7u4_amd64.deb 4210d242374e1f4d23f221bd33ca629e 458250 libdevel optional libspice-server-dev_0.11.0-1+deb7u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlimOdVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkRjcP/jOfv9HEU+xOIjoX7Z5NiW3RYLk+PUxmt/Wf BS/Ue+R8sMW9CsHGE5EeJw4a34zwlRBfFOmEMxAyqp+q1CnwVZ2/njlmTujhZJjV KA6917O7fsh8ac3qPM5FteQI+P7IL23iijerPMy7ZPGZmvP0UykCMqR0F02pmSqx bsNQ4RnbNWQ/tjdCBpPrN4xRYjQyEgZ5VS7CDW7RhLBAID+vPPIoRGabckim7WqS PQ50+OG+UkVE7fLZHtZ883NdhTIv2h3USTa8mBrZwPPUZOmfwhD8MRCHri8LN+SS V6VfkVjYiSQ3BYhrIkJsdiU7nCdcZFioElWxK765HFVB5TPZvBpw4JE6h0MtTVeN /sPmcHg3XSBCJ5s2i+se1Je4NkqU1ulPlFHmcgktthWpat3RnYY/rI4fAmoD51kf eG1EFe2kL+/s0suM7CD5QtOJijlNvG+aq+WXTvIylqKrn0c9Z2x86Se240fjhiq8 8ZGh1czYXuEGoK1aexh4gNhPGcm18NlkEsGWDjIWiqhjB7g2HigSFMyw4pmWlljS KZw/ML/xVsjg2i8jaxd/SPdY1rAfVAum/oHqQWqlzoxS0v0foptctM84oumpimms pqldRG1GwE+PAAz8V1Lpc/zh1kTIMP/MsX+TIUso+4ur0hy55mAMdwY6Ga13kr8f r7enLmGx =OpdN -----END PGP SIGNATURE-----