Your message dated Thu, 29 Oct 2020 08:25:04 +0000
with message-id <e1ky3f2-000gua...@fasolo.debian.org>
and subject line Bug#971750: fixed in spice 0.14.3-2
has caused the Debian Bug report #971750,
regarding spice: CVE-2020-14355
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
971750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971750
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: spice
Version: 0.14.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 spice-gtk 0.38-2
Control: retitle -2 spice-gtk: CVE-2020-14355
Control: found -1 0.14.0-1.3
Control: found -2 0.35-2
Hi,
The following vulnerability was published for spice and spice-gtk (as
the issue resides in the spice-common shared code).
CVE-2020-14355[0]:
| Multiple buffer overflow vulnerabilities were found in the QUIC image
| decoding process of the SPICE remote display system.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-14355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14355
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: spice
Source-Version: 0.14.3-2
Done: Michael Tokarev <m...@tls.msk.ru>
We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 971...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated spice package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 29 Oct 2020 10:57:02 +0300
Source: spice
Architecture: source
Version: 0.14.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 958349 971750 971873
Changes:
spice (0.14.3-2) unstable; urgency=medium
.
[ Christian Ehrhardt ]
* - d/t/automated-tests: d/t/control: make test work again
* - d/t/control: install new test dependency python-pil
* - d/t/regression-test.py,d/t/base_test.ppm: add files
dropped in release tarball but needed for autopkgtests
* - d/source/include-binaries: allow binary base_test.ppm in package
.
[ Michael Tokarev ]
* build on riscv64 too (Closes: #958349)
* bump debhelper compat to 12 and switch to debhelper-compat build-dep
* add Rules-Requires-Root: no
* d/rules: run dh for recognized targets only
* use secure (https) URLs in d/control & d/copyright
.
[ Salvatore Bonaccorso ]
* Point Vcs-{Git,Browser} field to qemu-team packaging repository
(Closes: #971873)
* Fix multiple buffer overflow vulnerabilities in QUIC image decoding
(CVE-2020-14355) (Closes: #971750)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---