Copied from
ubuntu bionic in
Private PPA for Ubuntu Security Team
by Marc Deslauriers
Changelog
spice (0.14.0-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:12:53 -0400