Your message dated Thu, 08 Oct 2015 09:26:59 +0000 with message-id <e1zk7tx-0000ho...@franck.debian.org> and subject line Bug#801091: fixed in spice 0.12.5-1.3 has caused the Debian Bug report #801091, regarding spice: CVE-2015-5261: host memory access from guest using crafted images to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 801091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801091 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: spice Version: 0.12.5-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for spice. CVE-2015-5261[0]: host memory access from guest using crafted images If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5261 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1261889 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---Source: spice Source-Version: 0.12.5-1.3 We believe that the bug you reported is fixed in the latest version of spice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 801...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 Oct 2015 07:23:38 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source Version: 0.12.5-1.3 Distribution: unstable Urgency: high Maintainer: Liang Guo <guoli...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 801089 801091 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements the client side of the SPICE protocol Changes: spice (0.12.5-1.3) unstable; urgency=high . * Non-maintainer upload. * Add series of patches for CVE-2015-5260 and CVE-2015-6261. CVE-2015-5260: insufficient validation of surface_id parameter can cause crash. (Closes: #801089) CVE-2015-5261: host memory access from guest using crafted images. (Closes: #801091) Checksums-Sha1: ddfe911a8db97277d68c2f3223a2451a2f75f754 2361 spice_0.12.5-1.3.dsc eea80df8ffaba3d499489119d4aead2d4896ae50 25004 spice_0.12.5-1.3.debian.tar.xz Checksums-Sha256: c84662a4002947c986d9fc8729a99bab9cd364e8dd75fb7019780b66b104b6eb 2361 spice_0.12.5-1.3.dsc f158cdf3092e7633497a8700502ed6d2af7219100efb8e99fe0325a8aff716e9 25004 spice_0.12.5-1.3.debian.tar.xz Files: a65dfc82e68cb3006686acdb1dcc7bf0 2361 misc optional spice_0.12.5-1.3.dsc 55c345fc77483b839d3238157895eec9 25004 misc optional spice_0.12.5-1.3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWFUSSAAoJEAVMuPMTQ89EnjIP/0rp6eG3KiTS+jtJCdt8huxW 5Zb7mC4JIPQ2ZkxDFleafUUJ1eAREGRAaPYppqoh6WcHQiB/lxFV4yLtiJ2Ymae0 wjqJMt6ckWp2QxNIhePEn8x7DRmMKKCgGgz+ChqD7/ndyVxb2wfaZ0vvbWDN3W0S 2MGwVAEtlm6UouY57atcU03RKUrCWdGbznQji8oIt8oMhMRiUXlnYzhJeQN6Muhy v7SlRsh3kSeZ+9gLloyZTsLheydn07b+zjwZUrpfLmpitkQM/Zmb2+q1E9fHuz8d FPIWAB+V1UlW9hyOo5wM3YrPsaYDcREi84AerfLedSvTDckD8gdV97Zv6t9Ro9QZ wr0trl26KEglvymaOpeT3uqPL/yQA20v41K49yuF7wtKwNw2QIV7EP8W1nqpbwWe FgTs2X0KXVV/ZkEcRpPxnfH9xq8LqG880y0yMi8djp4AKR0LchTH2S9BiYEUugPo HQgNblXEr4lCxuIMDetp88gHE3X8Wa5VlsywGcz6H9ijV+K3/bmYmtn4AlwhQsMa I51VsPkBNXqow0emZHj+R7QtbKAj+VwvLw0RW1nJ5oEwQARZ2BMM8WnffLNu8q8g dlHWw4YROcu2Nh+8I8g8Cil5R2HM1p4k3tjRjp5nl+JcO6H/qSsQglRTS/nyNKOl vo0mcxX3nTlibKw/ojWp =ktsn -----END PGP SIGNATURE-----
--- End Message ---
