Your message dated Sat, 10 Oct 2015 18:47:07 +0000
with message-id <e1zkzah-0005nu...@franck.debian.org>
and subject line Bug#801091: fixed in spice 0.12.5-1+deb8u2
has caused the Debian Bug report #801091,
regarding spice: CVE-2015-5261: host memory access from guest using crafted images
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
801091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: spice
Version: 0.12.5-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for spice.

CVE-2015-5261[0]:
host memory access from guest using crafted images

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5261
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1261889

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---
Source: spice
Source-Version: 0.12.5-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 801...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Oct 2015 23:02:42 +0200
Source: spice
Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev
Architecture: source
Version: 0.12.5-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Liang Guo <guoli...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 801089 801091
Description:
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
 libspice-server1-dbg - Debugging symbols for libspice-server1
 spice-client - Implements the client side of the SPICE protocol
Changes:
 spice (0.12.5-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add series of patches for CVE-2015-5260 and CVE-2015-6261.
     CVE-2015-5260: insufficient validation of surface_id parameter can cause
     crash. (Closes: #801089)
     CVE-2015-5261: host memory access from guest using crafted images.
     (Closes: #801091)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---