-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 Jan 2014 17:52:06 +0100 Source: spice Binary: spice-client libspice-server1 libspice-server-dev Architecture: source amd64 Version: 0.11.0-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Liang Guo <guoliang@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol spice-client - Implements the client side of the SPICE protocol Closes: 717030 728314 Changes: spice (0.11.0-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-4130.patch patch. CVE-2013-4130: unsafe clients ring access abort. An user able to initiate spice connection to the guest could use this flaw to crash the guest. (Closes: #717030) * Add CVE-2013-4282.patch patch. CVE-2013-4282: Fix buffer overflow when decrypting client SPICE ticket. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (Closes: #728314) Checksums-Sha1: 761c8f2e9f1758b9f161f65589b1afb4f34b7aa4 2293 spice_0.11.0-1+deb7u1.dsc 889f96c26645b6cb050ddb0e3828a13ac29affe7 1442150 spice_0.11.0.orig.tar.bz2 aa5350fae2e61b6770929fce929b223249962bc0 21976 spice_0.11.0-1+deb7u1.debian.tar.gz c40ce9de81192e42637609a5482eeebd741b1c6b 438090 spice-client_0.11.0-1+deb7u1_amd64.deb 37dadf12d16cae7f381a57688643d1667581e3b8 376264 libspice-server1_0.11.0-1+deb7u1_amd64.deb bcbedcaa73a5737412c4161a20eddb44710bfba0 455444 libspice-server-dev_0.11.0-1+deb7u1_amd64.deb Checksums-Sha256: 64a589c624c15e6151d79395fe1d3d390e5a7cf8906d4c1f45fac2567197f348 2293 spice_0.11.0-1+deb7u1.dsc 7c906ffe9723a781fbbde5a97d9693f720dd58923b91a574af7edb60120c56a5 1442150 spice_0.11.0.orig.tar.bz2 05aed9c7bb96e1d39be76d69c97c61620399b9bb0fb58da6bebfe983b26e7f1e 21976 spice_0.11.0-1+deb7u1.debian.tar.gz c0322a592508478806b634862e490b71e492a878187a4ffb491489d5c8339235 438090 spice-client_0.11.0-1+deb7u1_amd64.deb 704648e0b4c669d434e7bff59537d562e003368afb18784588af4326e8c2ff3e 376264 libspice-server1_0.11.0-1+deb7u1_amd64.deb b926e96c5457069f969024f1781c7018906367c5490bb3cf2c4eec2abee5802e 455444 libspice-server-dev_0.11.0-1+deb7u1_amd64.deb Files: 67dc44a3a5bdcebca774bad24040d75a 2293 misc optional spice_0.11.0-1+deb7u1.dsc 1d36b7bba386caeb7f65a5d986c78070 1442150 misc optional spice_0.11.0.orig.tar.bz2 b558c875d893e48886ec52f11b0cc843 21976 misc optional spice_0.11.0-1+deb7u1.debian.tar.gz e6578df68daea002f50cd66916d0cd9d 438090 misc optional spice-client_0.11.0-1+deb7u1_amd64.deb 92f6d4850ad05e55b6efb929d92bd5c3 376264 libs optional libspice-server1_0.11.0-1+deb7u1_amd64.deb d2e36a0f017c21987aa01e437fb4d9ee 455444 libdevel optional libspice-server-dev_0.11.0-1+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSyXU6AAoJEAVMuPMTQ89Eyl8P/2gLryVZySlMJpvKgAaMSLQM pccHcOqok95W/QQouWR94k9Vo1jyea50yCkzrjfB3WDz7N02ePMENuxmJvf3M2uk hRJ+eLdJpbHsa/eVlpy2PfiHsWkxKfdF40I8T0fXEpXsiAZn8g9bEeqsSMdItlSB 4967sFtt7r944EDhw0jwVB/lJamwZApaRcS9btxaSDt0Y8aITDRXwOUhzVguX/R5 JCQ50L3HHwcp/HxrZVItTvkmpQVG5X1WT6sMJ1XiqWg6T4LBdgjAUxRpCGKvBWJF 18uRwhU1oZpFwHSbYfENouGO0kMhgvDmWcSi92tOeoYlm39AEESqjRXCNkOQYRgH KVOAwH57vBXfiEdivmaXwnPP2F9zOK5aMjRWadQVLEPFF1v7AFx4E70Ip497MzoJ in8Q8IsvZBmPzm3ORiJh/UBvR6l9GBCtc5ue/wqUpcfZq7PW8yg6R4sN43stk2BX FQV39C/xCZtdfVGSeaHj2YJDcfn7cw6RdweO6iHp4ysT30v4xw4Zft3QHviR8HG3 zUiN1aqxFmkU4NETHS8yIyac3n+3Pn5UlZuXfs54WTjRz8OiD8ezYbXAz5/DLW40 04lTYNmLfBl/uA4ccnTQC0fCbTZlLxtmdEnn/kNgTzSUuL7eoqsG4eu14OvtAejw vF34Gzj7hZlhW3NIc4e7 =pH/i -----END PGP SIGNATURE-----
