Control: tags -1 moreinfo On 16/02/17 06:06, Salvatore Bonaccorso wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Hi > > Please unblock package spice > > It fixes two CVEs, CVE-2016-9577 CVE-2016-9578, reported by Moritz as > #854336. Markus Kschany fixed it as: > > +spice (0.12.8-2.1) unstable; urgency=medium > + > + * Non-maintainer upload. > + * Add CVE-2016-9577-and-CVE-2016-9578.patch: > + - CVE-2016-9577: A buffer overflow vulnerability in > + main_channel_alloc_msg_rcv_buf was found that occurs when reading large > + messages due to missing buffer size check. > + - CVE-2016-9578: A vulnerability was discovered in the server's > + protocol handling. An attacker able to connect to the spice server > could > + send crafted messages which would cause the process to crash. > + (Closes: #854336) > + > + -- Markus Koschany <a...@debian.org> Mon, 13 Feb 2017 21:42:01 +0100 > > Attached the resulting debdiff from the version in testing. > > unblock spice/0.12.8-2.1
That failed to build on mips(64)el: https://buildd.debian.org/status/package.php?p=spice Cheers, Emilio
