Publishing details

• Published on 2020-10-06
• Copied from ubuntu xenial in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

spice (0.12.6-4ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
    - debian/patches/CVE-2020-14355-1.patch: check we have some data to
      start decoding quic image in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-2.patch: check image size in
      quic_decode_begin in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
      spice-common/common/quic_tmpl.c.
    - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
      in find_bucket in spice-common/common/quic_family_tmpl.c.
    - CVE-2020-14355

 -- Marc Deslauriers <email address hidden>  Thu, 01 Oct 2020 07:15:42 -0400

Builds

• amd64
• i386

Built packages

• libspice-server-dev Header files and development documentation for spice-server

• libspice-server-dev-dbgsym debug symbols for package libspice-server-dev

• libspice-server1 Implements the server side of the SPICE protocol

• libspice-server1-dbg Debugging symbols for libspice-server1

• libspice-server1-dbgsym debug symbols for package libspice-server1

Package files

• libspice-server-dev-dbgsym_0.12.6-4ubuntu0.5_amd64.ddeb (1.0 KiB)
• libspice-server-dev-dbgsym_0.12.6-4ubuntu0.5_i386.ddeb (1.0 KiB)
• libspice-server-dev_0.12.6-4ubuntu0.5_amd64.deb (360.9 KiB)
• libspice-server-dev_0.12.6-4ubuntu0.5_i386.deb (374.1 KiB)
• libspice-server1-dbg_0.12.6-4ubuntu0.5_amd64.deb (1.2 MiB)
• libspice-server1-dbg_0.12.6-4ubuntu0.5_i386.deb (1.1 MiB)
• libspice-server1-dbgsym_0.12.6-4ubuntu0.5_amd64.ddeb (1.0 KiB)
• libspice-server1-dbgsym_0.12.6-4ubuntu0.5_i386.ddeb (1.0 KiB)
• libspice-server1_0.12.6-4ubuntu0.5_amd64.deb (331.8 KiB)
• libspice-server1_0.12.6-4ubuntu0.5_i386.deb (349.2 KiB)
• spice_0.12.6-4ubuntu0.5.debian.tar.xz (17.7 KiB)
• spice_0.12.6-4ubuntu0.5.dsc (2.4 KiB)
• spice_0.12.6.orig.tar.bz2 (1.1 MiB)