Change log for spice package in Ubuntu
1 → 75 of 83 results | First • Previous • Next • Last |
spice (0.15.2-1) unstable; urgency=medium [ Michael Tokarev ] * new upstream release * d/source/lintian-overrides: add overrides for asciidoc-generated html files in docs/ * d/control: add loong64 to Architecture: list (Closes: #1059010) * d/patches/: remove meson-omit-meson-dist.patch (upstream finally included the missing file) * d/patches: remove do-not-run-nonexisting-doxygen-sh.patch (not needed anymore) * d/rules: export PYTHONDONTWRITEBYTECODE=1 (Closes: #1048594) * d/control: s/pkg-config/pkgconf/ * d/control: Standards-Version: 4.7.0 (no changes needed) [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Michael Tokarev <email address hidden> Sun, 16 Jun 2024 17:43:40 +0300
Available diffs
- diff from 0.15.1-1build2 (in Ubuntu) to 0.15.2-1 (281.5 KiB)
Superseded in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
spice (0.15.1-1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- William Grant <email address hidden> Mon, 01 Apr 2024 15:49:16 +1100
Available diffs
- diff from 0.15.1-1build1 to 0.15.1-1build2 (305 bytes)
spice (0.15.1-1build1) noble; urgency=medium * No-change rebuild against libssl3t64 -- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:24:35 +0000
Available diffs
- diff from 0.15.1-1 (in Debian) to 0.15.1-1build1 (530 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Published in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
spice (0.15.1-1) unstable; urgency=medium * new upstream release (0.15.1) Closes: LP#1964777 * remove patches applied upstream: build-Correctly-check-for-Python-modules.patch test-leaks-fix-the-test-with-OpenSSL3.patch * meson-omit-meson-dist.patch: fix build with meson (it fails right away because build-aux/meson-dist file is not included in the source tarball) * move gstreamer1.0-libav from Recommends: to Suggests: on Ubuntu (MR!5) * d/gbp.conf: create initial gbp config * d/watch: fix url/location include all releases, not just even (02468) ones signature is foo.sig now, not foo.sign * d/upstream/signing-key.asc: key 206D3B352F566F3B0E6572E997D9123DE37A484F Victor Toso de Carvalho <email address hidden> -- Michael Tokarev <email address hidden> Mon, 17 Oct 2022 20:33:40 +0300
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
spice (0.15.0-4ubuntu1) kinetic; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency. - d/p/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch: fix race on spice init (LP: #1964777) * Dropped changes: - test-leaks-fix-the-test-with-OpenSSL3.patch [in 0.15.0-4] -- Christian Ehrhardt <email address hidden> Tue, 20 Sep 2022 08:36:12 +0200
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
spice (0.15.0-2ubuntu4) jammy; urgency=medium * d/p/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch: fix race on spice init (LP: #1964777) -- Christian Ehrhardt <email address hidden> Mon, 21 Mar 2022 09:23:33 +0100
Available diffs
spice (0.15.0-2ubuntu3) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Wed, 01 Dec 2021 16:10:53 +0000
Available diffs
- diff from 0.15.0-2ubuntu2 to 0.15.0-2ubuntu3 (333 bytes)
spice (0.15.0-2ubuntu2) jammy; urgency=medium * d/p/0001-test-leaks-fix-the-test-with-OpenSSL3.patch: Fix the test suite against OpenSSL3 (LP: #1946198) -- Simon Chopin <email address hidden> Wed, 10 Nov 2021 14:22:14 +0100
Available diffs
spice (0.15.0-2ubuntu1) jammy; urgency=medium * Merge with Debian unstable (LP: #1946901). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency. * Dropped changes - d/t/automated-tests: avoid test fail due to build errors [in Debian now]
Available diffs
- diff from 0.14.3-2.1ubuntu1 to 0.15.0-2ubuntu1 (636.1 KiB)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
spice (0.14.3-2.1ubuntu1) impish; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency. - d/t/automated-tests: avoid test fail due to build errors (Closes: #973803). -- Miriam EspaƱa Acebal <email address hidden> Fri, 13 Aug 2021 14:12:44 +0200
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
spice (0.14.3-2ubuntu3) hirsute; urgency=medium * d/t/automated-tests: avoid test fail due to build errors (Closes: #973803)
Available diffs
- diff from 0.14.3-1ubuntu2 to 0.14.3-2ubuntu3 (4.8 KiB)
- diff from 0.14.3-2ubuntu2 to 0.14.3-2ubuntu3 (515 bytes)
Superseded in hirsute-proposed |
spice (0.14.3-2ubuntu2) hirsute; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency.
Available diffs
- diff from 0.14.3-2ubuntu1 to 0.14.3-2ubuntu2 (364 bytes)
Superseded in hirsute-proposed |
spice (0.14.3-2ubuntu1) hirsute; urgency=medium * Merge with Debian unstable (LP: #9999999). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency.
Available diffs
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
spice (0.14.3-1ubuntu2) groovy; urgency=medium * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding - debian/patches/CVE-2020-14355-1.patch: check we have some data to start decoding quic image in subprojects/spice-common/common/quic.c. - debian/patches/CVE-2020-14355-2.patch: check image size in quic_decode_begin in subprojects/spice-common/common/quic.c. - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in subprojects/spice-common/common/quic_tmpl.c. - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c. - CVE-2020-14355 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:00:18 -0400
Available diffs
spice (0.12.6-4ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding - debian/patches/CVE-2020-14355-1.patch: check we have some data to start decoding quic image in spice-common/common/quic.c. - debian/patches/CVE-2020-14355-2.patch: check image size in quic_decode_begin in spice-common/common/quic.c. - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in spice-common/common/quic_tmpl.c. - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow in find_bucket in spice-common/common/quic_family_tmpl.c. - CVE-2020-14355 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:15:42 -0400
Available diffs
spice (0.14.0-1ubuntu2.5) bionic-security; urgency=medium * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding - debian/patches/CVE-2020-14355-1.patch: check we have some data to start decoding quic image in spice-common/common/quic.c. - debian/patches/CVE-2020-14355-2.patch: check image size in quic_decode_begin in spice-common/common/quic.c. - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in spice-common/common/quic_tmpl.c. - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow in find_bucket in spice-common/common/quic_family_tmpl.c. - CVE-2020-14355 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:12:53 -0400
Available diffs
spice (0.14.2-4ubuntu3.1) focal-security; urgency=medium * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding - debian/patches/CVE-2020-14355-1.patch: check we have some data to start decoding quic image in subprojects/spice-common/common/quic.c. - debian/patches/CVE-2020-14355-2.patch: check image size in quic_decode_begin in subprojects/spice-common/common/quic.c. - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in subprojects/spice-common/common/quic_tmpl.c. - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c. - CVE-2020-14355 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:03:54 -0400
Available diffs
spice (0.14.3-1ubuntu1) groovy; urgency=medium * Merge with Debian unstable (LP: #1881093). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe - make autopkgtests work again - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on - d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release tarball but needed for autopkgtests - d/source/include-binaries: allow binary base_test.ppm in package * Dropped changes - d/p/lp-1874054-*: fix rescaling and some crashes (LP: 1874054) [Upstream in 0.14.3]
Available diffs
- diff from 0.14.2-4ubuntu3 to 0.14.3-1ubuntu1 (561.2 KiB)
Superseded in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
Superseded in groovy-proposed |
Superseded in focal-updates |
Deleted in focal-proposed (Reason: moved to -updates) |
spice (0.14.2-4ubuntu3) focal; urgency=medium * d/p/lp-1874054-*: fix rescaling and some crashes (LP: #1874054) -- Christian Ehrhardt <email address hidden> Tue, 21 Apr 2020 14:05:18 +0200
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
spice (0.14.2-4ubuntu2) focal; urgency=medium * No-change rebuild for libgcc-s1 package name change. -- Matthias Klose <email address hidden> Mon, 23 Mar 2020 07:26:08 +0100
Available diffs
- diff from 0.14.2-4ubuntu1 to 0.14.2-4ubuntu2 (347 bytes)
spice (0.14.2-4ubuntu1) focal; urgency=medium * Merge with Debian unstable (LP: #1852439). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe - make autopkgtests work again - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on - d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release tarball but needed for autopkgtests - d/source/include-binaries: allow binary base_test.ppm in package * Added changes: - d/t/automated-tests, d/t/control: make autopkgtests python3 compatible * Dropped Changes (in Debian): - d/control: Don't recommend -ugly gstreamer plugins since it is in universe - d/patches: drop patches being upstream in 0.14.2 - new upstream 0.14.2 - disable failing test-listen - d/libspice-server1.symbols: update for new symbols in 14.2 - d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due to different handling of high words for constants - d/control: bump build dependency to libspice-protocol-dev >=0.14.0 * Dropped Changes (Upstream) - SECURITY UPDATE: Integer overflow and buffer overflow CVE-2017-12194 - SECURITY UPDATE: Denial of service CVE-2018-10873 - SECURITY UPDATE: off-by-one error in memslot_get_virt CVE-2019-3813
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
spice (0.14.2-0ubuntu2) eoan; urgency=medium * Fixup autpkgtest (LP: #1834286) These changes will make the test able to run again, but not output mismatch errors (this matches the behavior before 0.14.2). Upstream discussion started on how to resolve that as a next step, more details at the LP bug. - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on" - d/t/automated-tests, d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/base_test.ppm, d/t/regression-test.py: provide test resources from upstream git not part of the released tarball anymore - d/source/include-binaries: allow binary base_test.ppm in package -- Christian Ehrhardt <email address hidden> Tue, 25 Jun 2019 12:59:01 +0200
Available diffs
Superseded in eoan-proposed |
spice (0.14.2-0ubuntu1) eoan; urgency=medium * New upstream release Among many other fixes this will resolve (LP: #1814146) - d/p/disable-failing-test-listen.patch: disable new test that is unreliable in the build environment - d/patches: drop patches being upstream in 0.14.2 + debian/patches/CVE-2017-12194-1.patch + debian/patches/CVE-2017-12194-2.patch + debian/patches/CVE-2017-12194-3.patch + debian/patches/CVE-2018-10873.patch + debian/patches/CVE-2019-3813.patch - d/libspice-server1.symbols: update for new symbols in 14.2 - d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due to different handling of high words for constants - d/control: bump build dependency to libspice-protocol-dev >=0.14.0 -- Christian Ehrhardt <email address hidden> Fri, 24 May 2019 12:27:26 +0200
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu5) disco; urgency=medium * SECURITY UPDATE: off-by-one error in memslot_get_virt - debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c, add tests to server/tests/test-qxl-parsing.c. - CVE-2019-3813 * debian/tests/automated-tests: fix incorrect test name, don't fail on build writing to stderr. -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 08:58:10 -0500
Available diffs
spice (0.14.0-1ubuntu4.2) cosmic-security; urgency=medium * SECURITY UPDATE: off-by-one error in memslot_get_virt - debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c, add tests to server/tests/test-qxl-parsing.c. - CVE-2019-3813 * debian/tests/automated-tests: fix incorrect test name, don't fail on build writing to stderr. -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 08:58:10 -0500
Available diffs
spice (0.14.0-1ubuntu2.4) bionic-security; urgency=medium * SECURITY UPDATE: off-by-one error in memslot_get_virt - debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c, add tests to server/tests/test-qxl-parsing.c. - CVE-2019-3813 * debian/tests/automated-tests: fix incorrect test name, don't fail on build writing to stderr. -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:00:10 -0500
Available diffs
spice (0.12.4-0nocelt2ubuntu1.8) trusty-security; urgency=medium * SECURITY UPDATE: off-by-one error in memslot_get_virt - debian/patches/CVE-2019-3813.patch: fix checks in server/red_memslots.c. - CVE-2019-3813 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:46:04 -0500
Available diffs
spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: off-by-one error in memslot_get_virt - debian/patches/CVE-2019-3813.patch: fix checks in server/red_memslots.c. - CVE-2019-3813 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:45:07 -0500
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu4) cosmic; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10873.patch: fix in spice-common/python_modules/demarshal.py, - CVE-2018-10873 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 13:26:02 -0300
Available diffs
spice (0.14.0-1ubuntu2.2) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10873.patch: fix in spice-common/python_modules/demarshal.py, - CVE-2018-10873 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:44:02 -0300
Available diffs
spice (0.12.4-0nocelt2ubuntu1.7) trusty-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10873.patch: fix in spice-common/python_modules/demarshal.py, - CVE-2018-10873 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:45:59 -0300
Available diffs
spice (0.14.0-1ubuntu3) cosmic; urgency=medium * SECURITY UPDATE: Integer overflow and buffer overflow - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow computing sizes in spice-common/python_modules/demarshal.py. - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow in spice-common/python_modules/demarshal.py, spice-common/python_modules/marshal.py. - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix. - CVE-2017-12194 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:53:01 -0300
Available diffs
spice (0.12.4-0nocelt2ubuntu1.6) trusty-security; urgency=medium * SECURITY UPDATE: Integer overflow and buffer overflow - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow computing sizes in spice-common/python_modules/demarshal.py. - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow in spice-common/python_modules/demarshal.py, spice-common/python_modules/marshal.py. - CVE-2017-12194 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 13:01:14 -0300
spice (0.12.8-2.2ubuntu0.1) artful-security; urgency=medium * SECURITY UPDATE: Integer overflow and buffer overflow - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow computing sizes in spice-common/python_modules/demarshal.py. - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow in spice-common/python_modules/demarshal.py, spice-common/python_modules/marshal.py. - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix. - CVE-2017-12194 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 13:46:36 -0300
Available diffs
spice (0.14.0-1ubuntu2.1) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow and buffer overflow - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow computing sizes in spice-common/python_modules/demarshal.py. - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow in spice-common/python_modules/demarshal.py, spice-common/python_modules/marshal.py. - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix. - CVE-2017-12194 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:33:20 -0300
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Tue, 06 Feb 2018 17:55:31 +0000
Available diffs
- diff from 0.14.0-1ubuntu1 to 0.14.0-1ubuntu2 (340 bytes)
spice (0.14.0-1ubuntu1) bionic; urgency=medium * Don't recommend -ugly or -libav gstreamer plugins since they are in universe -- Jeremy Bicha <email address hidden> Wed, 01 Nov 2017 21:55:03 -0400
Available diffs
spice (0.14.0-1) unstable; urgency=medium * New upstream release * debian/copyright: refresh * debian/control: - Add liborc-0.4-dev to Build-Depends - Update Build-Depends on debhelper to >= 10 - Remove dh-autoreconf from Build-Depends - Bump Standards-Version to 4.1.1 (no changes) - Use https in Homepage * debian/compat, bump to 10 * debian/watch, switch to https -- Liang Guo <email address hidden> Thu, 19 Oct 2017 14:35:54 +0800
Available diffs
- diff from 0.12.8-2.2 to 0.14.0-1 (860.6 KiB)
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
spice (0.12.8-2.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2017-7506: (Closes: #868083) Possible buffer overflow via invalid monitor configurations. -- Markus Koschany <email address hidden> Fri, 21 Jul 2017 23:34:38 +0200
Available diffs
spice (0.12.8-2.1ubuntu0.1) artful; urgency=medium * SECURITY UPDATE: buffer overflow via invalid monitor configurations - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving overly big ClientMonitorsConfig in server/reds.c. - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows handling monitor configuration in server/reds.c. - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling monitor configuration in server/reds.c. - CVE-2017-7506 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:30:46 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.5) trusty-security; urgency=medium * SECURITY UPDATE: buffer overflow via invalid monitor configurations - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving overly big ClientMonitorsConfig in server/reds.c. - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows handling monitor configuration in server/reds.c. - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling monitor configuration in server/reds.c. - CVE-2017-7506 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:39:05 -0400
spice (0.12.6-4ubuntu0.3) xenial-security; urgency=medium * SECURITY UPDATE: buffer overflow via invalid monitor configurations - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving overly big ClientMonitorsConfig in server/reds.c. - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows handling monitor configuration in server/reds.c. - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling monitor configuration in server/reds.c. - CVE-2017-7506 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:34:33 -0400
Available diffs
spice (0.12.8-2ubuntu1.1) zesty-security; urgency=medium * SECURITY UPDATE: buffer overflow via invalid monitor configurations - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving overly big ClientMonitorsConfig in server/reds.c. - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows handling monitor configuration in server/reds.c. - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling monitor configuration in server/reds.c. - CVE-2017-7506 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:33:41 -0400
Available diffs
spice (0.12.8-2.1) unstable; urgency=medium * Non-maintainer upload. * Add CVE-2016-9577-and-CVE-2016-9578.patch: - CVE-2016-9577: A buffer overflow vulnerability in main_channel_alloc_msg_rcv_buf was found that occurs when reading large messages due to missing buffer size check. - CVE-2016-9578: A vulnerability was discovered in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (Closes: #854336) -- Markus Koschany <email address hidden> Mon, 13 Feb 2017 21:42:01 +0100
Available diffs
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
spice (0.12.8-2ubuntu1) zesty; urgency=medium * SECURITY UPDATE: overflow when reading large messages - debian/patches/CVE-2016-9577.patch: check size in server/main_channel.c. - CVE-2016-9577 * SECURITY UPDATE: DoS via crafted message - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c. - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c. - CVE-2016-9578 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 13:58:19 -0500
Available diffs
spice (0.12.6-4ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: overflow when reading large messages - debian/patches/CVE-2016-9577.patch: check size in server/main_channel.c. - CVE-2016-9577 * SECURITY UPDATE: DoS via crafted message - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c. - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c. - CVE-2016-9578 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:02:33 -0500
Available diffs
spice (0.12.4-0nocelt2ubuntu1.4) trusty-security; urgency=medium * SECURITY UPDATE: overflow when reading large messages - debian/patches/CVE-2016-9577.patch: check size in server/main_channel.c. - CVE-2016-9577 * SECURITY UPDATE: DoS via crafted message - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c. - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c. - CVE-2016-9578 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:07:29 -0500
spice (0.12.8-1ubuntu0.1) yakkety-security; urgency=medium * SECURITY UPDATE: overflow when reading large messages - debian/patches/CVE-2016-9577.patch: check size in server/main_channel.c. - CVE-2016-9577 * SECURITY UPDATE: DoS via crafted message - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c. - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c. - CVE-2016-9578 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:01:44 -0500
Available diffs
spice (0.12.8-2) unstable; urgency=medium * Build on all little-endian architectures (Closes: #734218) * Drop -dbg package and rely on the automatically built one (-dbgsym) * Drop the libasound2-dev build-dependency, this was needed for the spice-client which is gone since 0.12.6-1 -- Liang Guo <email address hidden> Fri, 06 Jan 2017 21:50:55 +0800
Available diffs
- diff from 0.12.8-1 to 0.12.8-2 (1.2 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
spice (0.12.8-1) unstable; urgency=medium * New upstream release * Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied Upstream -- Liang Guo <email address hidden> Tue, 26 Jul 2016 11:06:19 +0800
Available diffs
- diff from 0.12.7-1 to 0.12.8-1 (10.9 KiB)
spice (0.12.7-1) unstable; urgency=medium * New upstream release * Update debian/copyright * Refresh debian/patches * Static build is disabled, remove lib*.a from libspice-server-dev * Update Standards-Version to 3.9.8 (no changes) * Use secure uri in vcs-* -- Liang Guo <email address hidden> Thu, 23 Jun 2016 14:09:24 +0800
Available diffs
- diff from 0.12.6-4.1 to 0.12.7-1 (97.5 KiB)
spice (0.12.6-4.1) unstable; urgency=high * Non-maintainer upload. * CVE-2016-0749: heap-based buffer overflow in smartcard interaction (Closes: #826585) * CVE-2016-2150: host memory access from guest using crafted primary surface parameters (Closes: #826584) -- Salvatore Bonaccorso <email address hidden> Mon, 06 Jun 2016 19:22:10 +0200
Available diffs
spice (0.12.4-0nocelt2ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via memory allocation flaw in smartcard interaction - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate msg with the expected size in server/smartcard.c. - CVE-2016-0749 * SECURITY UPDATE: host memory access from guest with invalid primary surface parameters - debian/patches/CVE-2016-2150/*.patch: create a function to validate surface parameters in server/red_parse_qxl.*, improve primary surface parameter checks in server/red_worker.c. - CVE-2016-2150 * Added two extra commits to previous security update: - 0001-worker-validate-correctly-surfaces.patch - 0002-worker-avoid-double-free-or-double-create-of-surface.patch -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:58:27 -0400
spice (0.12.5-1.1ubuntu2.1) wily-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via memory allocation flaw in smartcard interaction - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate msg with the expected size in server/smartcard.c. - CVE-2016-0749 * SECURITY UPDATE: host memory access from guest with invalid primary surface parameters - debian/patches/CVE-2016-2150/*.patch: create a function to validate surface parameters in server/red_parse_qxl.*, improve primary surface parameter checks in server/red_worker.c. - CVE-2016-2150 * Added two extra commits to previous security update: - 0001-worker-validate-correctly-surfaces.patch - 0002-worker-avoid-double-free-or-double-create-of-surface.patch -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:54:26 -0400
Available diffs
spice (0.12.6-4ubuntu1) yakkety; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via memory allocation flaw in smartcard interaction - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate msg with the expected size in server/smartcard.c. - CVE-2016-0749 * SECURITY UPDATE: host memory access from guest with invalid primary surface parameters - debian/patches/CVE-2016-2150/*.patch: create a function to validate surface parameters in server/red_parse_qxl.*, improve primary surface parameter checks in server/red_worker.c. - CVE-2016-2150 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400
Available diffs
spice (0.12.6-4ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via memory allocation flaw in smartcard interaction - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate msg with the expected size in server/smartcard.c. - CVE-2016-0749 * SECURITY UPDATE: host memory access from guest with invalid primary surface parameters - debian/patches/CVE-2016-2150/*.patch: create a function to validate surface parameters in server/red_parse_qxl.*, improve primary surface parameter checks in server/red_worker.c. - CVE-2016-2150 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400
Available diffs
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
spice (0.12.6-4) unstable; urgency=medium * stop depending libspice-server-dev on libcacard-dev (#802413). Instead, remove mention of libcacard from the .pc file, as it is not actually used when building with libspice-server. * remove Requires.private defs from .pc file -- we're not building static libs, but if Requires.private is present, pkg-config requires the other .pc files to be present too, which is wrong (Closes: #803926) -- Michael Tokarev <email address hidden> Fri, 06 Nov 2015 10:43:55 +0300
Available diffs
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
spice (0.12.5-1.1ubuntu2) wily; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2015-526x/*.patch: apply series of patches from Red Hat to fix overflows, race conditions, memory leaks and denial of service issues. - CVE-2015-5260 - CVE-2015-5261 -- Marc Deslauriers <email address hidden> Mon, 19 Oct 2015 12:29:46 -0400
Available diffs
spice (0.12.5-1ubuntu0.2) vivid-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2015-526x/*.patch: apply series of patches from Red Hat to fix overflows, race conditions, memory leaks and denial of service issues. - CVE-2015-5260 - CVE-2015-5261 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2015 07:20:39 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2015-526x/*.patch: apply series of patches from Red Hat to fix overflows, race conditions, memory leaks and denial of service issues. - CVE-2015-5260 - CVE-2015-5261 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2015 07:37:43 -0400
Available diffs
spice (0.12.5-1.1ubuntu1) wily; urgency=medium * SECURITY UPDATE: heap corruption via monitor configs - debian/patches/CVE-2015-3247.patch: only read count once in server/red_worker.c. - CVE-2015-3247 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 07:58:48 -0400
Available diffs
spice (0.12.5-1ubuntu0.1) vivid-security; urgency=medium * SECURITY UPDATE: heap corruption via monitor configs - debian/patches/CVE-2015-3247.patch: only read count once in server/red_worker.c. - CVE-2015-3247 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 08:02:34 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: heap corruption via monitor configs - debian/patches/CVE-2015-3247.patch: only read count once in server/red_worker.c. - CVE-2015-3247 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 08:03:35 -0400
Available diffs
spice (0.12.5-1.1) unstable; urgency=medium * Non-maintainer upload. * Enable smartcard support now that libcacard is in the archive (Closes: #786833) -- Laurent Bigonville <email address hidden> Fri, 14 Aug 2015 09:29:41 +0200
Available diffs
- diff from 0.12.5-1 to 0.12.5-1.1 (904 bytes)
spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium [Gregory Boyce] * Fix newline-damaged patch (LP: #1450043) -- Serge Hallyn <email address hidden> Mon, 04 May 2015 10:47:58 -0500
Available diffs
Superseded in wily-release |
Obsolete in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
spice (0.12.5-1) unstable; urgency=medium * new upstream release. Can now build without celt! * Dropped patches: - make-celt-to-be-optional.patch - link-server-test-with-libm-libpthread.patch - enable_subdir-objects.patch - fix-buffer-overflow-when-decrypting-client-spice-ticket.patch * build-depend on libopus-dev, which enables opus support (no --enable-opus configure flag for now) * do not remove .version in clean anymore (it is part of the tarball) * do not use dh_autoreconf, since we aren't changing autoconf anymore * update libspice-server1.symbols with new symbols * introduce libspice-server1-dbg package (Closes: #743850) * fix the vcs-browse url (Closes: #722241) -- Michael Tokarev <email address hidden> Fri, 23 May 2014 19:26:44 +0400
Available diffs
- diff from 0.12.4-0nocelt2 to 0.12.5-1 (309.1 KiB)
Superseded in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
spice (0.12.4-0nocelt2) unstable; urgency=high * Fix CVE-2013-4282 (Closes: #728314) -- Liang Guo <email address hidden> Thu, 07 Nov 2013 22:44:29 +0800
Available diffs
spice (0.12.2-0nocelt2expubuntu1.2) raring-security; urgency=low * SECURITY UPDATE: denial of service via long password in a SPICE ticket - debian/patches/CVE-2013-4282.patch: validate password length in server/reds.c. - CVE-2013-4282 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:44:27 -0500
Available diffs
spice (0.12.4-0nocelt1ubuntu0.1) saucy-security; urgency=low * SECURITY UPDATE: denial of service via long password in a SPICE ticket - debian/patches/CVE-2013-4282.patch: validate password length in server/reds.c. - CVE-2013-4282 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:43:28 -0500
Available diffs
spice (0.12.4-0nocelt1.1ubuntu1) trusty; urgency=low * SECURITY UPDATE: denial of service via long password in a SPICE ticket - debian/patches/CVE-2013-4282.patch: validate password length in server/reds.c. - CVE-2013-4282 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:41:43 -0500
Available diffs
spice (0.12.4-0nocelt1.1) unstable; urgency=low * Non-maintainer upload. * debian/patches - add enable_subdir-objects.patch (Closes: #724093) -- Hideki Yamane <email address hidden> Mon, 21 Oct 2013 12:27:35 +0900
Available diffs
- diff from 0.12.4-0nocelt1 to 0.12.4-0nocelt1.1 (813 bytes)
spice (0.12.2-0nocelt2expubuntu1.1) raring-security; urgency=low * SECURITY UPDATE: denial of service via unsafe removals - debian/patches/CVE-2013-4130.patch: use RING_FOREACH_SAFE in server/red_channel.c. - CVE-2013-4130 -- Marc Deslauriers <email address hidden> Wed, 07 Aug 2013 15:14:28 -0400
Available diffs
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
spice (0.12.4-0nocelt1) unstable; urgency=low * New upstream release (Closes: #717030) * Remove .version after build (Closes: #671627) * debian/control: - Bump Standards-Version to 3.9.4 (no changes) - Update VCS-* to use canonical URIs * debian/patches: - fix-tests-warnings.patch, refresh - link-server-test-with-libm-libpthread.patch, add (Closes: #713681) * Refresh libspice-server1.symbols -- Liang Guo <email address hidden> Thu, 25 Jul 2013 00:10:00 +0800
Available diffs
spice (0.12.3-0nocelt1ubuntu1) saucy; urgency=low * Link server tests with -lm. -- Serge Hallyn <email address hidden> Thu, 23 May 2013 18:07:51 +0200
Available diffs
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
spice (0.12.2-0nocelt2expubuntu1) raring; urgency=low * Link server tests with -lm. -- Matthias Klose <email address hidden> Tue, 02 Apr 2013 09:29:32 +0200
Available diffs
1 → 75 of 83 results | First • Previous • Next • Last |