Your message dated Sat, 11 Jun 2016 18:19:45 +0000 with message-id <e1bbnvz-0008lc...@franck.debian.org> and subject line Bug#826585: fixed in spice 0.12.6-4.1 has caused the Debian Bug report #826585, regarding spice: CVE-2016-0749: heap-based memory corruption within smartcard handling to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 826585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826585 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: spice Version: 0.12.5-1 Severity: grave Tags: security upstream patch Control: fixed -1 0.12.5-1+deb8u3 Hi, the following vulnerability was published for spice. CVE-2016-0749[0]: heap-based memory corruption within smartcard handling If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-0749 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: spice Source-Version: 0.12.6-4.1 We believe that the bug you reported is fixed in the latest version of spice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 826...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated spice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jun 2016 19:22:10 +0200 Source: spice Binary: libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source Version: 0.12.6-4.1 Distribution: unstable Urgency: high Maintainer: Liang Guo <guoli...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 826584 826585 Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 Changes: spice (0.12.6-4.1) unstable; urgency=high . * Non-maintainer upload. * CVE-2016-0749: heap-based buffer overflow in smartcard interaction (Closes: #826585) * CVE-2016-2150: host memory access from guest using crafted primary surface parameters (Closes: #826584) Checksums-Sha1: 74a6658ba6309a0604868f9a1d358279e853afa8 2295 spice_0.12.6-4.1.dsc 22f0c8f1ac7df5938b8a2ca8310f4933d686216d 12704 spice_0.12.6-4.1.debian.tar.xz Checksums-Sha256: 0ded2fcc8834e599d602b88699fbc81974a00292ab962c22f3ec5bcef4f558af 2295 spice_0.12.6-4.1.dsc d624b7c65b172364299a86c8f4b37fead939259f6a9138b8a89a00e521ae49a9 12704 spice_0.12.6-4.1.debian.tar.xz Files: c831c6f74161ec28c3ba802f74529af6 2295 misc optional spice_0.12.6-4.1.dsc 6e8be7e7e5c37da13b8686c560f81106 12704 misc optional spice_0.12.6-4.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXVbJnAAoJEAVMuPMTQ89Ey/EP/jBPs/QKQXSGDDU3BkuuSpDX MWcbGZqGliqZUqb3096owYwfAjiqvc4/UDlV1OxlU2bvtkQZPROsJ5DAjp3GFBSh PCIsxPg4kQywk7CoJVLa/XJk4tOV3LfqZi4Ryz5puSqFCS02Q8yTggFYmvTmAkEN LQwaP5S0KjuQ+QMXry4Tj+Fgb86316aMfgsDLOy4TGltkaE/ylEmdgeAqCTMjAml rTf2KuBu0bhOQzMlnxdAGv6gxZ711SKVI45aViUw7z4RDxXu91kQdz7e2U2x/DBb UUDzdOadGPcLhjPa4E2khLFTdChEOxJLogRd505Heb5alJsEpN8MuNUpQXKywZO+ fpACbA4OzDuGU0OUREKIU4nt0U5jI2zT+37PBjgZiGUuogzWI0t2lQUmB8amGylO zCew90SFPIAizZyZ60NAbttzvcyKzmRh1paN4dgkmktutDEN2zwENxuJigAzMeJv alRQW4l7RVjfjYp9InQ5MUWj26ubaVu13+hT4lLygQyx1fWe8T6m2ZVyTfC4PY90 Sr/SA6PFms+LQfaudgkx2OHb+7PeNxixgKzK1q2r0usO/m7MotWuJuW61jqIWU56 jECOvk6Vxmb1HHkiEXCsyQrrs3Q4F72/HWxB5bsNDdIuUBlHpqoYQJS9WcDeVouS yr0JH0ZM7NJHWZE8Lean =w/YW -----END PGP SIGNATURE-----
--- End Message ---
