Bug#728314: marked as done (spice: CVE-2013-4282: stack buffer overflow in reds_handle_ticket() function)

[Debian Bug Tracking System]

Your message dated Fri, 08 Nov 2013 16:04:13 +0000
with message-id <e1veoxd-0002uw...@franck.debian.org>
and subject line Bug#728314: fixed in spice 0.12.4-0nocelt2
has caused the Debian Bug report #728314,
regarding spice: CVE-2013-4282: stack buffer overflow in reds_handle_ticket() 
function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
728314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: spice
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for spice.

CVE-2013-4282[0]:
stack buffer overflow in reds_handle_ticket() function

Upstream commit can be found in [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
    http://security-tracker.debian.org/tracker/CVE-2013-4282
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4282
[2] 
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: spice
Source-Version: 0.12.4-0nocelt2

We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 728...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Liang Guo <guoli...@debian.org> (supplier of updated spice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 07 Nov 2013 22:44:29 +0800
Source: spice
Binary: spice-client libspice-server1 libspice-server-dev
Architecture: source amd64
Version: 0.12.4-0nocelt2
Distribution: unstable
Urgency: high
Maintainer: Liang Guo <guoli...@debian.org>
Changed-By: Liang Guo <guoli...@debian.org>
Description: 
 libspice-server-dev - Header files and development documentation for 
spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
 spice-client - Implements the client side of the SPICE protocol
Closes: 728314
Changes: 
 spice (0.12.4-0nocelt2) unstable; urgency=high
 .
   * Fix CVE-2013-4282 (Closes: #728314)
Checksums-Sha1: 
 0853a37408f87bbcdd0f9601fd12b62f5b648346 2236 spice_0.12.4-0nocelt2.dsc
 0e33122545037e8f270a7a4e1ddeee0cecae5254 22964 
spice_0.12.4-0nocelt2.debian.tar.gz
 e0db2dad4cb9a0f8bc8a517b907ceb770123be2e 466622 
spice-client_0.12.4-0nocelt2_amd64.deb
 544308b8c3d6cdb873d43ac00918e894b2de92dd 446620 
libspice-server1_0.12.4-0nocelt2_amd64.deb
 c3cd06a4bec9efcbf1ff2dbf9e8bb462b21d896d 480430 
libspice-server-dev_0.12.4-0nocelt2_amd64.deb
Checksums-Sha256: 
 f31c977fca864673e05674e9f9d8c1ed961ff9fd0aef96c0d599c457cd06c136 2236 
spice_0.12.4-0nocelt2.dsc
 6c98a2a55149fd92ac6009669bbac72cac92c3d854d0db3398d8ba0abec609af 22964 
spice_0.12.4-0nocelt2.debian.tar.gz
 d7d2a08304b6fff99f3f968eb63b189ac3b0022f0922b0120160d3de3eaee305 466622 
spice-client_0.12.4-0nocelt2_amd64.deb
 3b8451381bb1397dcd7135a04beec2817290c86b27924bb31bc7a9fdad7fa715 446620 
libspice-server1_0.12.4-0nocelt2_amd64.deb
 9bc2b4b558c47db7ec0eff77e4a1dce4a83a3419bdc6aae7e0d9644dd2138de1 480430 
libspice-server-dev_0.12.4-0nocelt2_amd64.deb
Files: 
 879af74e742e2e5fb1972dce713c953c 2236 misc optional spice_0.12.4-0nocelt2.dsc
 1363e4d485fb6f987ff5af6d35738c5e 22964 misc optional 
spice_0.12.4-0nocelt2.debian.tar.gz
 bcb760c965e2dd45c18234bac6a9ce98 466622 misc optional 
spice-client_0.12.4-0nocelt2_amd64.deb
 880e3da6b8890e357f621fbae4bb47f5 446620 libs optional 
libspice-server1_0.12.4-0nocelt2_amd64.deb
 ccba0244e71267decf26beb0b9fe2fe3 480430 libdevel optional 
libspice-server-dev_0.12.4-0nocelt2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSfQlfAAoJEIK1tAhowJe8ts4P/1DyzKbyS3DVyV2ySKdB6RRK
o3nxWPETGPMZ2gWA9uJSGgwJeZa6R/oy/vUWvWQ17dKjO46HVngaGAoNnyHwqBh6
UN9mdNtTJw3i9D+WdHqLLmuPyNdKhp/mOCOQ/w7vpunT1tGAB0q1JCg/adgaOtMj
kes+IQ6m8qeRc7dSa1Khx2uJmQiJT/rc4dXS7NUmu2gZum9OFVmarsNYTN2fO2ob
WXXWKpg9bu0QhHp1wNaKDGBhFZu9FLo5Na7rmqQLx/489kVE6QUo0ZOyHytKNKvd
u3T+jlfXVEL7pxBZQXOi5Rn7xvM48zWsFOdi3UC7S747dEZvGMybZup3vDu+YzsZ
mRWnTew4DNU9OTxcy/HTNLvT2tyXfclLLaYlE+mwOF67mRyHazXjI0psApNODdm5
Lc9scdVCZVL5x4G1OOjrEtMJPjFm2aOmm6PhQxBcXcCWqEqgWc9B3+Ov7uLOjlE6
phvK2fbQH55rEc4M61EkaviM1/XRMfH38hQezNYK0SOmONvW1e3DJn+f/DzwT1g7
pxljbU+Zt/xu6nBC8DvCaAMaR2DsLfeQ8reVPUt8R/bVjrzoRBoksZmJr4W1QKJ0
b2rA76BYU5IE2TU3IqDLGbHxeU1vx239HKRR1pIyapeIrRxiH1CnCuvUeRpEplcy
xgKPFWZPlmVTeLK8msaC
=vlaJ
-----END PGP SIGNATURE-----

--- End Message ---