Your message dated Wed, 30 Jan 2019 21:05:00 +0000 with message-id <e1gox2a-000e8k...@fasolo.debian.org> and subject line Bug#920762: fixed in spice 0.14.0-1.3 has caused the Debian Bug report #920762, regarding spice: CVE-2019-3813: Off-by-one error in array access in spice/server/memslot.c to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 920762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920762 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: spice Version: 0.14.0-1.2 Severity: grave Tags: security upstream Control: found -1 0.12.8-2.1+deb9u2 Control: found -1 0.12.8-2.1 Control: fixed -1 0.12.8-2.1+deb9u3 Hi, The following vulnerability was published for spice. CVE-2019-3813[0]: Off-by-one error in array access in spice/server/memslot.c If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-3813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3813 [1] https://www.openwall.com/lists/oss-security/2019/01/28/2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: spice Source-Version: 0.14.0-1.3 We believe that the bug you reported is fixed in the latest version of spice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 920...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 28 Jan 2019 13:04:44 +0100 Source: spice Binary: libspice-server-dev libspice-server1 libspice-server1-dbgsym Architecture: source Version: 0.14.0-1.3 Distribution: unstable Urgency: medium Maintainer: Liang Guo <guoli...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 920762 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol Changes: spice (0.14.0-1.3) unstable; urgency=medium . * Non-maintainer upload. * memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813) (Closes: #920762) Checksums-Sha1: df63aa51c7effe26d46a1ca019e0820279cdb8fc 2810 spice_0.14.0-1.3.dsc bcb74fbe6526135af0cbb6118712cc9c301f56bd 20036 spice_0.14.0-1.3.debian.tar.xz Checksums-Sha256: 7b1cc9ea00c8eb21ea1b72bd5fc45e3c6f5735a147bcfa95d1882ed7dbe7c403 2810 spice_0.14.0-1.3.dsc 5ebffa2e91b0a155e4a7389f874761181eb61c6af0c51137c92f11ac7b54170b 20036 spice_0.14.0-1.3.debian.tar.xz Files: 71094a47fb030c92d7caa563e3b87c92 2810 misc optional spice_0.14.0-1.3.dsc 39416f9bc1eda7e30e8fcd9f73ee87ae 20036 misc optional spice_0.14.0-1.3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxPZ5lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqWMP/jlRXB2J97r0FtU39HZ5UT0UDDaja+gx sDNU0LAzQdCObY3tiH0TtduVjYY36mUhRdGt7cX58B+0dafH00aZ7OZ4qY4PeLOL VYpkmkE39U8glICaVJXmW+nRvGAgLw0SfZ0O4QWSP+RvIu8VPLyfxDyyGJi2abp9 vFLohy6cBzSHBkq0VKnJLq2eluypD7xbKlHcqhkgXnklQRJhBA8GQ6YvMjpFGiOV XVmr5R8K3G+Vpgc++Q1Lq1tEw3pHxribnthjzyJrxq/wki4wyx1z1LYM+7t+jMA/ iQs6UlMAnrc1ynjxRKB7VfzbIwnuBFVhZSE3PVdRFRMIfzEqqW1pTm7+nxTekRGU WIw1I4v+4l7vk2kN8OKkUFw0z8Wr/W8WuB0T/iK86K72WAayycU/1LWvPp+WvCaG WAV2O/v8+eQmc0YUGcyxPa8gcPQtOcylFGlI89vgEOmGpQ50zVZgtBfqMfC0+bd6 j4A7EtqWHoHwXLd2ArGfS7duPIhlW8070J+v4ckybL9D2/qJipmBFWmiXAbyZBh+ euspJ8vLARmbP7g3Qm4buqbzQUMgHudSmm34dUYD1L5AapWeFRyP4U5zz0SBqIgO zzC5jlD9NOZLTDoHDaOmrE5pN/DrgzzjDA8EAVCoLlymVB6sST3dYWb9MbcgayJx b160kFnAjw4G =u0LA -----END PGP SIGNATURE-----
--- End Message ---
