Your message dated Tue, 08 Sep 2015 19:49:48 +0000 with message-id <e1zzoto-0002ie...@franck.debian.org> and subject line Bug#797976: fixed in spice 0.12.5-1.2 has caused the Debian Bug report #797976, regarding spice: CVE-2015-3247: memory corruption in worker_update_monitors_config() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 797976: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: spice Version: 0.12.5-1 Severity: grave Tags: security patch upstream Hi, the following vulnerability was published for spice. CVE-2015-3247[0]: memory corruption in worker_update_monitors_config() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3247 [1] https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: spice Source-Version: 0.12.5-1.2 We believe that the bug you reported is fixed in the latest version of spice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 797...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 05 Sep 2015 05:51:01 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source Version: 0.12.5-1.2 Distribution: unstable Urgency: high Maintainer: Liang Guo <guoli...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 797976 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements the client side of the SPICE protocol Changes: spice (0.12.5-1.2) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2015-3247.patch patch. CVE-2015-3247: Memory corruption in worker_update_monitors_config(). (Closes: #797976) Checksums-Sha1: ae907c1d714e28217018b1173dd0d099637c28df 2361 spice_0.12.5-1.2.dsc b5054609c118e19f2bf3f65036d138bad64c5a5b 16448 spice_0.12.5-1.2.debian.tar.xz Checksums-Sha256: c2f8b3fd1d2b16ee18c9fa0c474844286ec10c6b409de492358a59e15d48108f 2361 spice_0.12.5-1.2.dsc aaab3fa3ee1a3f983b9589034e07b5d98d679cbdff7007c907afea695dd2bc71 16448 spice_0.12.5-1.2.debian.tar.xz Files: 34c6830e85175d1a89a7b937f9a2d0c4 2361 misc optional spice_0.12.5-1.2.dsc ee8500331df521efe5e757301f81ff4d 16448 misc optional spice_0.12.5-1.2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV6mlxAAoJEAVMuPMTQ89E/l8P/13t2zImtGd9wd9MBMCInNmI ZAC6UaZ4HHgwehHB8cljQkHMGJaRVja4C0IbtPaxdEesiBgI8m7DdtiPLT/23Wgw RR1CjCLtVgoJ97frqDmhZeMRnT7igue98HKjcZt4EMHvE35vXArN76UMJ5jjOhl1 JSynFYeF4hX8YQBaMMJFiYqagmOKVKskDF/MUNGSSxule/MN9InHhMDvab+rxD4m 2ZfklgPRt1Yuu24rAjfO5A9iYd/IqW36h5KqYENmyULI5MawU9LrgPZf1u3iA3db bDdGZpDHaTao0oI3TZw4JZrpFbtX4oVqCbXTDm3Yb4H17R1sdqUSIpewXeVPHuHv UTJu3kxVhrUtk2CuBsRzpFhGuEs9X9A8aCx8NBPQ43bRv++ikqISKdH4+mM4K3jw of9LCBCHBYosMoNNCUcYgqqIraZ29IdpQRgRq1ukN+tC+w8DQlEzLdDZReqT2HtL sg1vUCsyFY9VgH3vbgy/O1d5DY6R/kviC5q32FNWpYkouQ2HWUN7p40dwFK3r/AF r6SwaKXx0C6j4NYmJtMnHD9aMfq9/TtvZiKUpRA880mXMmVrnlPq6A3BqPg5Zyzp EazJ194xco/cv18NzN32Kf9BVXUHyGsqEQH2kaMIx1Myg5mir4hQrgL84gPboUQg sle6iXDMYS+pwFmFFmLW =M2rN -----END PGP SIGNATURE-----
--- End Message ---
