Your message dated Sat, 10 Oct 2015 18:47:35 +0000
with message-id <e1zkzb9-0005vk...@franck.debian.org>
and subject line Bug#801091: fixed in spice 0.11.0-1+deb7u2
has caused the Debian Bug report #801091,
regarding spice: CVE-2015-5261: host memory access from guest using crafted
images
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
801091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: spice
Version: 0.12.5-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for spice.
CVE-2015-5261[0]:
host memory access from guest using crafted images
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5261
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1261889
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---
Source: spice
Source-Version: 0.11.0-1+deb7u2
We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 801...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 08 Oct 2015 17:41:09 +0200
Source: spice
Binary: spice-client libspice-server1 libspice-server-dev
Architecture: source amd64
Version: 0.11.0-1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Liang Guo <guoli...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libspice-server-dev - Header files and development documentation for spice-server
libspice-server1 - Implements the server side of the SPICE protocol
spice-client - Implements the client side of the SPICE protocol
Closes: 801089 801091
Changes:
spice (0.11.0-1+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add series of patches for CVE-2015-5260 and CVE-2015-6261.
CVE-2015-5260: insufficient validation of surface_id parameter can cause
crash. (Closes: #801089)
CVE-2015-5261: host memory access from guest using crafted images.
(Closes: #801091)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---