Your message dated Sun, 12 Jan 2014 21:18:18 +0000
with message-id <e1w2sqe-0002hq...@franck.debian.org>
and subject line Bug#728314: fixed in spice 0.11.0-1+deb7u1
has caused the Debian Bug report #728314,
regarding spice: CVE-2013-4282: stack buffer overflow in reds_handle_ticket() function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
728314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spice
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for spice.

CVE-2013-4282[0]:
stack buffer overflow in reds_handle_ticket() function

Upstream commit can be found in [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
    http://security-tracker.debian.org/tracker/CVE-2013-4282
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4282
[2] http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: spice
Source-Version: 0.11.0-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 728...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Jan 2014 17:52:06 +0100
Source: spice
Binary: spice-client libspice-server1 libspice-server-dev
Architecture: source amd64
Version: 0.11.0-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Liang Guo <guoli...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libspice-server-dev - Header files and development documentation for spice-server
 libspice-server1 - Implements the server side of the SPICE protocol
 spice-client - Implements the client side of the SPICE protocol
Closes: 717030 728314
Changes: 
 spice (0.11.0-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-4130.patch patch.
     CVE-2013-4130: unsafe clients ring access abort. A user able to
     initiate spice connection to the guest could use this flaw to crash the
     guest. (Closes: #717030)
   * Add CVE-2013-4282.patch patch.
     CVE-2013-4282: Fix buffer overflow when decrypting client SPICE ticket.
     A remote user able to initiate a SPICE connection to an application
     acting as a SPICE server could use this flaw to crash the application.
     (Closes: #728314)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---