Your message dated Sat, 12 Sep 2015 21:17:19 +0000 with message-id <e1zasah-0006c7...@franck.debian.org> and subject line Bug#797976: fixed in spice 0.12.5-1+deb8u1 has caused the Debian Bug report #797976, regarding spice: CVE-2015-3247: memory corruption in worker_update_monitors_config() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 797976: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: spice Version: 0.12.5-1 Severity: grave Tags: security patch upstream Hi, the following vulnerability was published for spice. CVE-2015-3247[0]: memory corruption in worker_update_monitors_config() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3247 [1] https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: spice Source-Version: 0.12.5-1+deb8u1 We believe that the bug you reported is fixed in the latest version of spice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 797...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 04 Sep 2015 09:34:00 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source Version: 0.12.5-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Liang Guo <guoli...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 797976 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements the client side of the SPICE protocol Changes: spice (0.12.5-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2015-3247.patch patch. CVE-2015-3247: Memory corruption in worker_update_monitors_config(). (Closes: #797976) Checksums-Sha1: 2da1aa188b2edf10b5039f62a565bdb6329dd173 2355 spice_0.12.5-1+deb8u1.dsc 2fabe47611cac6b43b3c2c61e400d7375f06e16a 1737169 spice_0.12.5.orig.tar.bz2 684ce5f7ec08004821a1b26d2f693ff145b603d0 16404 spice_0.12.5-1+deb8u1.debian.tar.xz Checksums-Sha256: d7a48c58c7d8720dd28e0d2de8adefc30ab664d18e15931ac5a3a98681a5934b 2355 spice_0.12.5-1+deb8u1.dsc 4209a20d8f67cb99a8a6ac499cfe79a18d4ca226360457954a223d6795c2f581 1737169 spice_0.12.5.orig.tar.bz2 80d9911664ca2ca7c7b3a6ee85d26a01717a10465e0ebc15e780cf03482b7b42 16404 spice_0.12.5-1+deb8u1.debian.tar.xz Files: 00727efcb18f391f061243b110ffd044 2355 misc optional spice_0.12.5-1+deb8u1.dsc 1256286214fe402703c0a01bd3a85319 1737169 misc optional spice_0.12.5.orig.tar.bz2 91b33b72c1b8d33f3d5a43a41084927f 16404 misc optional spice_0.12.5-1+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV6gTXAAoJEAVMuPMTQ89EFzsP/2pGzzIrCuuDWymvu/8lN0FO qERrGIpRoArCu6p1SWkPutJWIJzYi+VD2AalN488pqGAHLsdVCPJkXMIdZ5I3Z57 auOQ65YpdtqeMgHTkyP0wwqcW9MfuNy8ncokOYpQdLGPJLh9bNAMo+gEYdnDyUEG q36eKLgo5sp5BfDdOCDnXn7R4b/6ISStqnVPaBTChKok473TXle7Rya8dl3pV17z kivharIuzx6TAJz41RObkjQDCHLFOEfas/26yua+jGLyaD+I2X8z/5m6hVZ+BPUk BL/F9LMomnkp/pJZKDi29vTUaPrvcLw0tqKY7uqwO/FjwHPfqTbbgl2mlSqx6Ojq +i9lefYTUYd+hE0yKyzqaucy9ORc3OcfLzsRc9hi7j78F2r+vGVgDAR/W6o+4RVR CkKqhe7jyEfXNMjxZHdJ938kFDIbsJ6XiNSzsMVs2qnPG7ae6D5z+n+Wr8rrRA6X uYrYf/JYyLBf92lkuu3rXlb4zS1tO9tJxp6hJklTMzM43Rxy0ArXl2tFg/7T83DW PKzCVtQ9mij+heHR68qjXJKapxsUKRvuLuiNDhr+f++iu9L2xrRO+2C9mq8VJtxU Eyrk+GHmR5FXd15JA108sgvteTbpjUQrDYYgVEDLJd9PULzfQMebkDG30V2syx+0 tIex5+ij2cHAJq0D0V/z =w4mY -----END PGP SIGNATURE-----
--- End Message ---
