Debian Package Tracker
Register | Log in
Subscribe

spice-vdagent

Spice agent for Linux

Choose email to subscribe with

general
  • source: spice-vdagent (main)
  • version: 0.23.0-2
  • maintainer: Abhijith PA (DMD)
  • arch: any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.20.0-2
  • oldstable: 0.22.1-3
  • stable: 0.22.1-4.1
  • testing: 0.23.0-2
  • unstable: 0.23.0-2
versioned links
  • 0.20.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.22.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.22.1-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.23.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • spice-vdagent (5 bugs: 0, 5, 0, 0)
action needed
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2026-57965: A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
  • CVE-2026-57966: A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Created: 2026-06-29 Last update: 2026-07-06 11:00
2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:
  • CVE-2026-57965: A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
  • CVE-2026-57966: A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Created: 2026-06-29 Last update: 2026-07-06 11:00
2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:
  • CVE-2026-57965: A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
  • CVE-2026-57966: A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Created: 2026-06-29 Last update: 2026-07-06 11:00
2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:
  • CVE-2026-57965: A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
  • CVE-2026-57966: A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.
Created: 2026-06-29 Last update: 2026-07-06 11:00
The VCS repository is not up to date, push the missing commits. high
vcswatch reports that this package has been uploaded into the archive but the debian/changelog in the VCS is still UNRELEASED. You should consider pushing the missing commits or updating the VCS.
Created: 2026-05-22 Last update: 2026-06-30 04:49
lintian reports 1 warning normal
Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2026-05-27 Last update: 2026-05-27 21:02
2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:
  • CVE-2026-57965: (needs triaging) A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.
  • CVE-2026-57966: (needs triaging) A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-06-29 Last update: 2026-07-06 11:00
debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 0.23.0-2 of the package, we noticed the following issues:

  • 2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2026-05-26 20:01
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).
Created: 2025-12-23 Last update: 2026-05-26 16:32
news
[rss feed]
  • [2026-05-31] spice-vdagent 0.23.0-2 MIGRATED to testing (Debian testing watch)
  • [2026-05-26] Accepted spice-vdagent 0.23.0-2 (source) into unstable (Abhijith PA)
  • [2025-10-21] spice-vdagent 0.23.0-1 MIGRATED to testing (Debian testing watch)
  • [2025-10-16] Accepted spice-vdagent 0.23.0-1 (source amd64) into unstable (Abhijith PA)
  • [2025-09-06] spice-vdagent 0.22.1-5 MIGRATED to testing (Debian testing watch)
  • [2025-09-01] Accepted spice-vdagent 0.22.1-5 (source) into unstable (Abhijith PA)
  • [2024-08-06] spice-vdagent 0.22.1-4.1 MIGRATED to testing (Debian testing watch)
  • [2024-07-31] Accepted spice-vdagent 0.22.1-4.1 (source) into unstable (Michael Biebl)
  • [2024-05-31] spice-vdagent REMOVED from testing (Debian testing watch)
  • [2023-11-26] spice-vdagent 0.22.1-4 MIGRATED to testing (Debian testing watch)
  • [2023-11-21] Accepted spice-vdagent 0.22.1-4 (source) into unstable (Abhijith PA)
  • [2022-06-06] spice-vdagent 0.22.1-3 MIGRATED to testing (Debian testing watch)
  • [2022-05-31] Accepted spice-vdagent 0.22.1-3 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2022-05-30] spice-vdagent 0.22.1-2 MIGRATED to testing (Debian testing watch)
  • [2022-05-25] Accepted spice-vdagent 0.22.1-2 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2022-03-02] spice-vdagent 0.22.1-1 MIGRATED to testing (Debian testing watch)
  • [2022-02-24] Accepted spice-vdagent 0.22.1-1 (source) into unstable (Jeremy Bicha)
  • [2021-10-20] spice-vdagent 0.20.0-3 MIGRATED to testing (Debian testing watch)
  • [2021-10-14] Accepted spice-vdagent 0.20.0-3 (source) into unstable (Adrian Bunk)
  • [2021-01-13] Accepted spice-vdagent 0.17.0-1+deb9u1 (source amd64) into oldstable (Abhijith PA)
  • [2020-12-09] spice-vdagent 0.20.0-2 MIGRATED to testing (Debian testing watch)
  • [2020-12-03] Accepted spice-vdagent 0.20.0-2 (source) into unstable (Adrian Bunk)
  • [2020-05-01] spice-vdagent 0.20.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-26] Accepted spice-vdagent 0.20.0-1 (source) into unstable (Laurent Bigonville)
  • [2019-10-02] spice-vdagent 0.19.0-2 MIGRATED to testing (Debian testing watch)
  • [2019-09-27] Accepted spice-vdagent 0.19.0-2 (source) into unstable (Laurent Bigonville)
  • [2019-08-20] spice-vdagent 0.19.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-08-14] Accepted spice-vdagent 0.19.0-1 (source) into unstable (Laurent Bigonville)
  • [2018-10-23] spice-vdagent 0.18.0-1 MIGRATED to testing (Debian testing watch)
  • [2018-10-18] Accepted spice-vdagent 0.18.0-1 (source amd64) into unstable (Laurent Bigonville)
  • 1
  • 2
bugs [bug history graph]
  • all: 6 7
  • RC: 0
  • I&N: 6 7
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 1)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.23.0-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing