Change log for spice package in Ubuntu
| 1 → 75 of 83 results | First • Previous • Next • Last |
spice (0.15.2-1) unstable; urgency=medium
[ Michael Tokarev ]
* new upstream release
* d/source/lintian-overrides: add overrides for asciidoc-generated
html files in docs/
* d/control: add loong64 to Architecture: list (Closes: #1059010)
* d/patches/: remove meson-omit-meson-dist.patch
(upstream finally included the missing file)
* d/patches: remove do-not-run-nonexisting-doxygen-sh.patch
(not needed anymore)
* d/rules: export PYTHONDONTWRITEBYTECODE=1 (Closes: #1048594)
* d/control: s/pkg-config/pkgconf/
* d/control: Standards-Version: 4.7.0 (no changes needed)
[ Debian Janitor ]
* Remove constraints unnecessary since buster (oldstable)
-- Michael Tokarev <email address hidden> Sun, 16 Jun 2024 17:43:40 +0300
Available diffs
- diff from 0.15.1-1build2 (in Ubuntu) to 0.15.2-1 (281.5 KiB)
| Superseded in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
spice (0.15.1-1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- William Grant <email address hidden> Mon, 01 Apr 2024 15:49:16 +1100
Available diffs
- diff from 0.15.1-1build1 to 0.15.1-1build2 (305 bytes)
spice (0.15.1-1build1) noble; urgency=medium * No-change rebuild against libssl3t64 -- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:24:35 +0000
Available diffs
- diff from 0.15.1-1 (in Debian) to 0.15.1-1build1 (530 bytes)
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Published in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
spice (0.15.1-1) unstable; urgency=medium
* new upstream release (0.15.1)
Closes: LP#1964777
* remove patches applied upstream:
build-Correctly-check-for-Python-modules.patch
test-leaks-fix-the-test-with-OpenSSL3.patch
* meson-omit-meson-dist.patch: fix build with meson (it fails right away
because build-aux/meson-dist file is not included in the source tarball)
* move gstreamer1.0-libav from Recommends: to Suggests: on Ubuntu (MR!5)
* d/gbp.conf: create initial gbp config
* d/watch:
fix url/location
include all releases, not just even (02468) ones
signature is foo.sig now, not foo.sign
* d/upstream/signing-key.asc: key 206D3B352F566F3B0E6572E997D9123DE37A484F
Victor Toso de Carvalho <email address hidden>
-- Michael Tokarev <email address hidden> Mon, 17 Oct 2022 20:33:40 +0300
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
spice (0.15.0-4ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Don't recommend -libav gstreamer plugins since it is in
universe. This now downgrades it to a suggest instead of completely
removing the dependency.
- d/p/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch: fix race
on spice init (LP: #1964777)
* Dropped changes:
- test-leaks-fix-the-test-with-OpenSSL3.patch [in 0.15.0-4]
-- Christian Ehrhardt <email address hidden> Tue, 20 Sep 2022 08:36:12 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
spice (0.15.0-2ubuntu4) jammy; urgency=medium
* d/p/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch: fix race
on spice init (LP: #1964777)
-- Christian Ehrhardt <email address hidden> Mon, 21 Mar 2022 09:23:33 +0100
Available diffs
spice (0.15.0-2ubuntu3) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Wed, 01 Dec 2021 16:10:53 +0000
Available diffs
- diff from 0.15.0-2ubuntu2 to 0.15.0-2ubuntu3 (333 bytes)
spice (0.15.0-2ubuntu2) jammy; urgency=medium
* d/p/0001-test-leaks-fix-the-test-with-OpenSSL3.patch:
Fix the test suite against OpenSSL3 (LP: #1946198)
-- Simon Chopin <email address hidden> Wed, 10 Nov 2021 14:22:14 +0100
Available diffs
spice (0.15.0-2ubuntu1) jammy; urgency=medium * Merge with Debian unstable (LP: #1946901). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency. * Dropped changes - d/t/automated-tests: avoid test fail due to build errors [in Debian now]
Available diffs
- diff from 0.14.3-2.1ubuntu1 to 0.15.0-2ubuntu1 (636.1 KiB)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
spice (0.14.3-2.1ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Don't recommend -libav gstreamer plugins since it
is in universe. This now downgrades it to a suggest instead
of completely removing the dependency.
- d/t/automated-tests: avoid test fail due to build
errors (Closes: #973803).
-- Miriam EspaƱa Acebal <email address hidden> Fri, 13 Aug 2021 14:12:44 +0200
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
spice (0.14.3-2ubuntu3) hirsute; urgency=medium * d/t/automated-tests: avoid test fail due to build errors (Closes: #973803)
Available diffs
- diff from 0.14.3-1ubuntu2 to 0.14.3-2ubuntu3 (4.8 KiB)
- diff from 0.14.3-2ubuntu2 to 0.14.3-2ubuntu3 (515 bytes)
| Superseded in hirsute-proposed |
spice (0.14.3-2ubuntu2) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Don't recommend -libav gstreamer plugins since it is in
universe. This now downgrades it to a suggest instead of completely
removing the dependency.
Available diffs
- diff from 0.14.3-2ubuntu1 to 0.14.3-2ubuntu2 (364 bytes)
| Superseded in hirsute-proposed |
spice (0.14.3-2ubuntu1) hirsute; urgency=medium * Merge with Debian unstable (LP: #9999999). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe. This now downgrades it to a suggest instead of completely removing the dependency.
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
spice (0.14.3-1ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
subprojects/spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:00:18 -0400
Available diffs
spice (0.12.6-4ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:15:42 -0400
Available diffs
spice (0.14.0-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:12:53 -0400
Available diffs
spice (0.14.2-4ubuntu3.1) focal-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
- debian/patches/CVE-2020-14355-1.patch: check we have some data to
start decoding quic image in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-2.patch: check image size in
quic_decode_begin in subprojects/spice-common/common/quic.c.
- debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
subprojects/spice-common/common/quic_tmpl.c.
- debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c.
- CVE-2020-14355
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:03:54 -0400
Available diffs
spice (0.14.3-1ubuntu1) groovy; urgency=medium * Merge with Debian unstable (LP: #1881093). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe - make autopkgtests work again - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on - d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release tarball but needed for autopkgtests - d/source/include-binaries: allow binary base_test.ppm in package * Dropped changes - d/p/lp-1874054-*: fix rescaling and some crashes (LP: 1874054) [Upstream in 0.14.3]
Available diffs
- diff from 0.14.2-4ubuntu3 to 0.14.3-1ubuntu1 (561.2 KiB)
| Superseded in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
| Superseded in groovy-proposed |
| Superseded in focal-updates |
| Deleted in focal-proposed (Reason: moved to -updates) |
spice (0.14.2-4ubuntu3) focal; urgency=medium * d/p/lp-1874054-*: fix rescaling and some crashes (LP: #1874054) -- Christian Ehrhardt <email address hidden> Tue, 21 Apr 2020 14:05:18 +0200
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
spice (0.14.2-4ubuntu2) focal; urgency=medium * No-change rebuild for libgcc-s1 package name change. -- Matthias Klose <email address hidden> Mon, 23 Mar 2020 07:26:08 +0100
Available diffs
- diff from 0.14.2-4ubuntu1 to 0.14.2-4ubuntu2 (347 bytes)
spice (0.14.2-4ubuntu1) focal; urgency=medium * Merge with Debian unstable (LP: #1852439). Remaining changes: - d/control: Don't recommend -libav gstreamer plugins since it is in universe - make autopkgtests work again - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on - d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release tarball but needed for autopkgtests - d/source/include-binaries: allow binary base_test.ppm in package * Added changes: - d/t/automated-tests, d/t/control: make autopkgtests python3 compatible * Dropped Changes (in Debian): - d/control: Don't recommend -ugly gstreamer plugins since it is in universe - d/patches: drop patches being upstream in 0.14.2 - new upstream 0.14.2 - disable failing test-listen - d/libspice-server1.symbols: update for new symbols in 14.2 - d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due to different handling of high words for constants - d/control: bump build dependency to libspice-protocol-dev >=0.14.0 * Dropped Changes (Upstream) - SECURITY UPDATE: Integer overflow and buffer overflow CVE-2017-12194 - SECURITY UPDATE: Denial of service CVE-2018-10873 - SECURITY UPDATE: off-by-one error in memslot_get_virt CVE-2019-3813
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
spice (0.14.2-0ubuntu2) eoan; urgency=medium * Fixup autpkgtest (LP: #1834286) These changes will make the test able to run again, but not output mismatch errors (this matches the behavior before 0.14.2). Upstream discussion started on how to resolve that as a next step, more details at the LP bug. - d/t/automated-tests: spice-common moved into dir subprojects - d/t/automated-tests: option --enable-automated-tests now is always on" - d/t/automated-tests, d/t/control: make tests more debuggable by allowing stderr - d/t/control: install new test dependency python-pil - d/t/base_test.ppm, d/t/regression-test.py: provide test resources from upstream git not part of the released tarball anymore - d/source/include-binaries: allow binary base_test.ppm in package -- Christian Ehrhardt <email address hidden> Tue, 25 Jun 2019 12:59:01 +0200
Available diffs
| Superseded in eoan-proposed |
spice (0.14.2-0ubuntu1) eoan; urgency=medium
* New upstream release
Among many other fixes this will resolve (LP: #1814146)
- d/p/disable-failing-test-listen.patch: disable new test that is
unreliable in the build environment
- d/patches: drop patches being upstream in 0.14.2
+ debian/patches/CVE-2017-12194-1.patch
+ debian/patches/CVE-2017-12194-2.patch
+ debian/patches/CVE-2017-12194-3.patch
+ debian/patches/CVE-2018-10873.patch
+ debian/patches/CVE-2019-3813.patch
- d/libspice-server1.symbols: update for new symbols in 14.2
- d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due
to different handling of high words for constants
- d/control: bump build dependency to libspice-protocol-dev >=0.14.0
-- Christian Ehrhardt <email address hidden> Fri, 24 May 2019 12:27:26 +0200
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu5) disco; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c,
add tests to server/tests/test-qxl-parsing.c.
- CVE-2019-3813
* debian/tests/automated-tests: fix incorrect test name, don't fail on
build writing to stderr.
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 08:58:10 -0500
Available diffs
spice (0.14.0-1ubuntu4.2) cosmic-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c,
add tests to server/tests/test-qxl-parsing.c.
- CVE-2019-3813
* debian/tests/automated-tests: fix incorrect test name, don't fail on
build writing to stderr.
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 08:58:10 -0500
Available diffs
spice (0.14.0-1ubuntu2.4) bionic-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c,
add tests to server/tests/test-qxl-parsing.c.
- CVE-2019-3813
* debian/tests/automated-tests: fix incorrect test name, don't fail on
build writing to stderr.
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:00:10 -0500
Available diffs
spice (0.12.4-0nocelt2ubuntu1.8) trusty-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in
server/red_memslots.c.
- CVE-2019-3813
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:46:04 -0500
Available diffs
spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: off-by-one error in memslot_get_virt
- debian/patches/CVE-2019-3813.patch: fix checks in
server/red_memslots.c.
- CVE-2019-3813
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:45:07 -0500
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu4) cosmic; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10873.patch: fix in
spice-common/python_modules/demarshal.py,
- CVE-2018-10873
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 13:26:02 -0300
Available diffs
spice (0.14.0-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10873.patch: fix in
spice-common/python_modules/demarshal.py,
- CVE-2018-10873
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:44:02 -0300
Available diffs
spice (0.12.4-0nocelt2ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10873.patch: fix in
spice-common/python_modules/demarshal.py,
- CVE-2018-10873
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:45:59 -0300
Available diffs
spice (0.14.0-1ubuntu3) cosmic; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:53:01 -0300
Available diffs
spice (0.12.4-0nocelt2ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- CVE-2017-12194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 13:01:14 -0300
spice (0.12.8-2.2ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 13:46:36 -0300
Available diffs
spice (0.14.0-1ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow and buffer overflow
- debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
computing sizes in spice-common/python_modules/demarshal.py.
- debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
in spice-common/python_modules/demarshal.py,
spice-common/python_modules/marshal.py.
- debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
- CVE-2017-12194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:33:20 -0300
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
spice (0.14.0-1ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Tue, 06 Feb 2018 17:55:31 +0000
Available diffs
- diff from 0.14.0-1ubuntu1 to 0.14.0-1ubuntu2 (340 bytes)
spice (0.14.0-1ubuntu1) bionic; urgency=medium
* Don't recommend -ugly or -libav gstreamer plugins since they
are in universe
-- Jeremy Bicha <email address hidden> Wed, 01 Nov 2017 21:55:03 -0400
Available diffs
spice (0.14.0-1) unstable; urgency=medium
* New upstream release
* debian/copyright: refresh
* debian/control:
- Add liborc-0.4-dev to Build-Depends
- Update Build-Depends on debhelper to >= 10
- Remove dh-autoreconf from Build-Depends
- Bump Standards-Version to 4.1.1 (no changes)
- Use https in Homepage
* debian/compat, bump to 10
* debian/watch, switch to https
-- Liang Guo <email address hidden> Thu, 19 Oct 2017 14:35:54 +0800
Available diffs
- diff from 0.12.8-2.2 to 0.14.0-1 (860.6 KiB)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
spice (0.12.8-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2017-7506: (Closes: #868083)
Possible buffer overflow via invalid monitor configurations.
-- Markus Koschany <email address hidden> Fri, 21 Jul 2017 23:34:38 +0200
Available diffs
spice (0.12.8-2.1ubuntu0.1) artful; urgency=medium
* SECURITY UPDATE: buffer overflow via invalid monitor configurations
- debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
overly big ClientMonitorsConfig in server/reds.c.
- debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
handling monitor configuration in server/reds.c.
- debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
monitor configuration in server/reds.c.
- CVE-2017-7506
-- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:30:46 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.5) trusty-security; urgency=medium
* SECURITY UPDATE: buffer overflow via invalid monitor configurations
- debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
overly big ClientMonitorsConfig in server/reds.c.
- debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
handling monitor configuration in server/reds.c.
- debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
monitor configuration in server/reds.c.
- CVE-2017-7506
-- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:39:05 -0400
spice (0.12.6-4ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow via invalid monitor configurations
- debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
overly big ClientMonitorsConfig in server/reds.c.
- debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
handling monitor configuration in server/reds.c.
- debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
monitor configuration in server/reds.c.
- CVE-2017-7506
-- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:34:33 -0400
Available diffs
spice (0.12.8-2ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: buffer overflow via invalid monitor configurations
- debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
overly big ClientMonitorsConfig in server/reds.c.
- debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
handling monitor configuration in server/reds.c.
- debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
monitor configuration in server/reds.c.
- CVE-2017-7506
-- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:33:41 -0400
Available diffs
spice (0.12.8-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Add CVE-2016-9577-and-CVE-2016-9578.patch:
- CVE-2016-9577: A buffer overflow vulnerability in
main_channel_alloc_msg_rcv_buf was found that occurs when reading large
messages due to missing buffer size check.
- CVE-2016-9578: A vulnerability was discovered in the server's
protocol handling. An attacker able to connect to the spice server could
send crafted messages which would cause the process to crash.
(Closes: #854336)
-- Markus Koschany <email address hidden> Mon, 13 Feb 2017 21:42:01 +0100
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
spice (0.12.8-2ubuntu1) zesty; urgency=medium
* SECURITY UPDATE: overflow when reading large messages
- debian/patches/CVE-2016-9577.patch: check size in
server/main_channel.c.
- CVE-2016-9577
* SECURITY UPDATE: DoS via crafted message
- debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
- debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
- CVE-2016-9578
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 13:58:19 -0500
Available diffs
spice (0.12.6-4ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: overflow when reading large messages
- debian/patches/CVE-2016-9577.patch: check size in
server/main_channel.c.
- CVE-2016-9577
* SECURITY UPDATE: DoS via crafted message
- debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
- debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
- CVE-2016-9578
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:02:33 -0500
Available diffs
spice (0.12.4-0nocelt2ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: overflow when reading large messages
- debian/patches/CVE-2016-9577.patch: check size in
server/main_channel.c.
- CVE-2016-9577
* SECURITY UPDATE: DoS via crafted message
- debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
- debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
- CVE-2016-9578
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:07:29 -0500
spice (0.12.8-1ubuntu0.1) yakkety-security; urgency=medium
* SECURITY UPDATE: overflow when reading large messages
- debian/patches/CVE-2016-9577.patch: check size in
server/main_channel.c.
- CVE-2016-9577
* SECURITY UPDATE: DoS via crafted message
- debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
- debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
- CVE-2016-9578
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:01:44 -0500
Available diffs
spice (0.12.8-2) unstable; urgency=medium
* Build on all little-endian architectures (Closes: #734218)
* Drop -dbg package and rely on the automatically built one (-dbgsym)
* Drop the libasound2-dev build-dependency, this was needed for the
spice-client which is gone since 0.12.6-1
-- Liang Guo <email address hidden> Fri, 06 Jan 2017 21:50:55 +0800
Available diffs
- diff from 0.12.8-1 to 0.12.8-2 (1.2 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
spice (0.12.8-1) unstable; urgency=medium
* New upstream release
* Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied
Upstream
-- Liang Guo <email address hidden> Tue, 26 Jul 2016 11:06:19 +0800
Available diffs
- diff from 0.12.7-1 to 0.12.8-1 (10.9 KiB)
spice (0.12.7-1) unstable; urgency=medium * New upstream release * Update debian/copyright * Refresh debian/patches * Static build is disabled, remove lib*.a from libspice-server-dev * Update Standards-Version to 3.9.8 (no changes) * Use secure uri in vcs-* -- Liang Guo <email address hidden> Thu, 23 Jun 2016 14:09:24 +0800
Available diffs
- diff from 0.12.6-4.1 to 0.12.7-1 (97.5 KiB)
spice (0.12.6-4.1) unstable; urgency=high
* Non-maintainer upload.
* CVE-2016-0749: heap-based buffer overflow in smartcard interaction
(Closes: #826585)
* CVE-2016-2150: host memory access from guest using crafted primary surface
parameters (Closes: #826584)
-- Salvatore Bonaccorso <email address hidden> Mon, 06 Jun 2016 19:22:10 +0200
Available diffs
spice (0.12.4-0nocelt2ubuntu1.3) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
memory allocation flaw in smartcard interaction
- debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
msg with the expected size in server/smartcard.c.
- CVE-2016-0749
* SECURITY UPDATE: host memory access from guest with invalid primary
surface parameters
- debian/patches/CVE-2016-2150/*.patch: create a function to validate
surface parameters in server/red_parse_qxl.*, improve primary surface
parameter checks in server/red_worker.c.
- CVE-2016-2150
* Added two extra commits to previous security update:
- 0001-worker-validate-correctly-surfaces.patch
- 0002-worker-avoid-double-free-or-double-create-of-surface.patch
-- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:58:27 -0400
spice (0.12.5-1.1ubuntu2.1) wily-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
memory allocation flaw in smartcard interaction
- debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
msg with the expected size in server/smartcard.c.
- CVE-2016-0749
* SECURITY UPDATE: host memory access from guest with invalid primary
surface parameters
- debian/patches/CVE-2016-2150/*.patch: create a function to validate
surface parameters in server/red_parse_qxl.*, improve primary surface
parameter checks in server/red_worker.c.
- CVE-2016-2150
* Added two extra commits to previous security update:
- 0001-worker-validate-correctly-surfaces.patch
- 0002-worker-avoid-double-free-or-double-create-of-surface.patch
-- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:54:26 -0400
Available diffs
spice (0.12.6-4ubuntu1) yakkety; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
memory allocation flaw in smartcard interaction
- debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
msg with the expected size in server/smartcard.c.
- CVE-2016-0749
* SECURITY UPDATE: host memory access from guest with invalid primary
surface parameters
- debian/patches/CVE-2016-2150/*.patch: create a function to validate
surface parameters in server/red_parse_qxl.*, improve primary surface
parameter checks in server/red_worker.c.
- CVE-2016-2150
-- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400
Available diffs
spice (0.12.6-4ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
memory allocation flaw in smartcard interaction
- debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
msg with the expected size in server/smartcard.c.
- CVE-2016-0749
* SECURITY UPDATE: host memory access from guest with invalid primary
surface parameters
- debian/patches/CVE-2016-2150/*.patch: create a function to validate
surface parameters in server/red_parse_qxl.*, improve primary surface
parameter checks in server/red_worker.c.
- CVE-2016-2150
-- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400
Available diffs
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
spice (0.12.6-4) unstable; urgency=medium
* stop depending libspice-server-dev on libcacard-dev (#802413).
Instead, remove mention of libcacard from the .pc file, as it
is not actually used when building with libspice-server.
* remove Requires.private defs from .pc file -- we're not building static
libs, but if Requires.private is present, pkg-config requires the other
.pc files to be present too, which is wrong (Closes: #803926)
-- Michael Tokarev <email address hidden> Fri, 06 Nov 2015 10:43:55 +0300
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
spice (0.12.5-1.1ubuntu2) wily; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2015-526x/*.patch: apply series of patches from
Red Hat to fix overflows, race conditions, memory leaks and denial of
service issues.
- CVE-2015-5260
- CVE-2015-5261
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2015 12:29:46 -0400
Available diffs
spice (0.12.5-1ubuntu0.2) vivid-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2015-526x/*.patch: apply series of patches from
Red Hat to fix overflows, race conditions, memory leaks and denial of
service issues.
- CVE-2015-5260
- CVE-2015-5261
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2015 07:20:39 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.2) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2015-526x/*.patch: apply series of patches from
Red Hat to fix overflows, race conditions, memory leaks and denial of
service issues.
- CVE-2015-5260
- CVE-2015-5261
-- Marc Deslauriers <email address hidden> Thu, 01 Oct 2015 07:37:43 -0400
Available diffs
spice (0.12.5-1.1ubuntu1) wily; urgency=medium
* SECURITY UPDATE: heap corruption via monitor configs
- debian/patches/CVE-2015-3247.patch: only read count once in
server/red_worker.c.
- CVE-2015-3247
-- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 07:58:48 -0400
Available diffs
spice (0.12.5-1ubuntu0.1) vivid-security; urgency=medium
* SECURITY UPDATE: heap corruption via monitor configs
- debian/patches/CVE-2015-3247.patch: only read count once in
server/red_worker.c.
- CVE-2015-3247
-- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 08:02:34 -0400
Available diffs
spice (0.12.4-0nocelt2ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: heap corruption via monitor configs
- debian/patches/CVE-2015-3247.patch: only read count once in
server/red_worker.c.
- CVE-2015-3247
-- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 08:03:35 -0400
Available diffs
spice (0.12.5-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Enable smartcard support now that libcacard is in the archive (Closes:
#786833)
-- Laurent Bigonville <email address hidden> Fri, 14 Aug 2015 09:29:41 +0200
Available diffs
- diff from 0.12.5-1 to 0.12.5-1.1 (904 bytes)
spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium [Gregory Boyce] * Fix newline-damaged patch (LP: #1450043) -- Serge Hallyn <email address hidden> Mon, 04 May 2015 10:47:58 -0500
Available diffs
| Superseded in wily-release |
| Obsolete in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
spice (0.12.5-1) unstable; urgency=medium
* new upstream release. Can now build without celt!
* Dropped patches:
- make-celt-to-be-optional.patch
- link-server-test-with-libm-libpthread.patch
- enable_subdir-objects.patch
- fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
* build-depend on libopus-dev, which enables opus support
(no --enable-opus configure flag for now)
* do not remove .version in clean anymore (it is part of the tarball)
* do not use dh_autoreconf, since we aren't changing autoconf anymore
* update libspice-server1.symbols with new symbols
* introduce libspice-server1-dbg package (Closes: #743850)
* fix the vcs-browse url (Closes: #722241)
-- Michael Tokarev <email address hidden> Fri, 23 May 2014 19:26:44 +0400
Available diffs
- diff from 0.12.4-0nocelt2 to 0.12.5-1 (309.1 KiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
spice (0.12.4-0nocelt2) unstable; urgency=high * Fix CVE-2013-4282 (Closes: #728314) -- Liang Guo <email address hidden> Thu, 07 Nov 2013 22:44:29 +0800
Available diffs
spice (0.12.2-0nocelt2expubuntu1.2) raring-security; urgency=low
* SECURITY UPDATE: denial of service via long password in a SPICE ticket
- debian/patches/CVE-2013-4282.patch: validate password length in
server/reds.c.
- CVE-2013-4282
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:44:27 -0500
Available diffs
spice (0.12.4-0nocelt1ubuntu0.1) saucy-security; urgency=low
* SECURITY UPDATE: denial of service via long password in a SPICE ticket
- debian/patches/CVE-2013-4282.patch: validate password length in
server/reds.c.
- CVE-2013-4282
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:43:28 -0500
Available diffs
spice (0.12.4-0nocelt1.1ubuntu1) trusty; urgency=low
* SECURITY UPDATE: denial of service via long password in a SPICE ticket
- debian/patches/CVE-2013-4282.patch: validate password length in
server/reds.c.
- CVE-2013-4282
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 09:41:43 -0500
Available diffs
spice (0.12.4-0nocelt1.1) unstable; urgency=low
* Non-maintainer upload.
* debian/patches
- add enable_subdir-objects.patch (Closes: #724093)
-- Hideki Yamane <email address hidden> Mon, 21 Oct 2013 12:27:35 +0900
Available diffs
- diff from 0.12.4-0nocelt1 to 0.12.4-0nocelt1.1 (813 bytes)
spice (0.12.2-0nocelt2expubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: denial of service via unsafe removals
- debian/patches/CVE-2013-4130.patch: use RING_FOREACH_SAFE in
server/red_channel.c.
- CVE-2013-4130
-- Marc Deslauriers <email address hidden> Wed, 07 Aug 2013 15:14:28 -0400
Available diffs
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
spice (0.12.4-0nocelt1) unstable; urgency=low
* New upstream release (Closes: #717030)
* Remove .version after build (Closes: #671627)
* debian/control:
- Bump Standards-Version to 3.9.4 (no changes)
- Update VCS-* to use canonical URIs
* debian/patches:
- fix-tests-warnings.patch, refresh
- link-server-test-with-libm-libpthread.patch, add (Closes: #713681)
* Refresh libspice-server1.symbols
-- Liang Guo <email address hidden> Thu, 25 Jul 2013 00:10:00 +0800
Available diffs
spice (0.12.3-0nocelt1ubuntu1) saucy; urgency=low * Link server tests with -lm. -- Serge Hallyn <email address hidden> Thu, 23 May 2013 18:07:51 +0200
Available diffs
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
spice (0.12.2-0nocelt2expubuntu1) raring; urgency=low * Link server tests with -lm. -- Matthias Klose <email address hidden> Tue, 02 Apr 2013 09:29:32 +0200
Available diffs
| 1 → 75 of 83 results | First • Previous • Next • Last |
