Univention Bugzilla – Bug 47996
spice: Multiple issues (4.3)
Last modified: 2018-10-17 14:57:25 CEST
New Debian spice 0.12.8-2.1+deb9u2 fixes: This update addresses the following issue: * Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/spice_0.12.8-2.1+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/spice_0.12.8-2.1+deb9u2.dsc @@ -1,3 +1,8 @@ +0.12.8-2.1+deb9u2 [Sun, 07 Oct 2018 08:51:43 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Fix flexible array buffer overflow (CVE-2018-10873) (Closes: #906315) + 0.12.8-2.1+deb9u1 [Tue, 04 Jul 2017 21:33:54 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.3-2/#5885975810584825196>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-2] 745d53d697 Bug #47996: spice 0.12.8-2.1+deb9u2 doc/errata/staging/spice.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/280.html>