-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: spice Binary: spice-client, libspice-server1, libspice-server1-dbg, libspice-server-dev Architecture: i386 amd64 Version: 0.12.5-1+deb8u2 Maintainer: Liang Guo <[email protected]> Uploaders: Michael Tokarev <[email protected]> Homepage: http://spice-space.org/ Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/spice.git Vcs-Git: git://anonscm.debian.org/collab-maint/spice.git Build-Depends: debhelper (>= 9), pkg-config, python, libopus-dev (>= 0.9.14), libpixman-1-dev (>= 0.17.7~), libxrandr-dev (>= 1.2~), libasound2-dev, libssl-dev, libxfixes-dev, libsasl2-dev, libjpeg-dev, libxinerama-dev, python-pyparsing, libglib2.0-dev (>= 2.22~) Package-List: libspice-server-dev deb libdevel optional arch=i386,amd64 libspice-server1 deb libs optional arch=i386,amd64 libspice-server1-dbg deb debug extra arch=i386,amd64 spice-client deb misc optional arch=i386,amd64 Checksums-Sha1: 2fabe47611cac6b43b3c2c61e400d7375f06e16a 1737169 spice_0.12.5.orig.tar.bz2 9df0315e5d107869b57960ac5954d9e2ba5abf36 24968 spice_0.12.5-1+deb8u2.debian.tar.xz Checksums-Sha256: 4209a20d8f67cb99a8a6ac499cfe79a18d4ca226360457954a223d6795c2f581 1737169 spice_0.12.5.orig.tar.bz2 2941836cec7e3d4c9f2e46bb0c859fcc6cfb305ba1503e6f8317d90fc0b6d9ec 24968 spice_0.12.5-1+deb8u2.debian.tar.xz Files: 1256286214fe402703c0a01bd3a85319 1737169 spice_0.12.5.orig.tar.bz2 b4c866c1fd31f4fd54c65c41a68ddc4c 24968 spice_0.12.5-1+deb8u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWFDhhAAoJEAVMuPMTQ89EGZAP/j7cjoZb7AHV3Dzfz8eG7ZIS pxj7ZJ0s3GtXPelb16a/D6389wpoV9xwRByOK42if47FAHxMDi+C+eZRA6vP7HRM MZMX8i6eaZe1paJjCRuChetljQMAV905lxhIb3M+XRaHfzIanX0gbGviiEipV5Mx SyU8w7toEbH3sgQJTn/A6Edpv6f03IMQhzvEEo6+W7GlhrL/YL+NEcvVZN1v6AR9 crmi0mepySEZq67xibV0KFr6G+JSBiS8G+W4EI+/PQ8evg/apaC9D2bxtTr81LzY +aJ2XDg51rafkbul5FEVWZW1TiEa7kX6BuTpSrp288aT2L1wS6OrA+ke4DACUOn2 Gm/lQZ1QjJshObWT3OhSGT4RkDLeRt2ggl3mJYHx2OvnBhS30c9lGGgWwEMdo7p6 /fKY2Fr+dlx+rqmBB3BNeiq7pp4gu93PvVryKMZ6CrPW7EgemaEylv2Fmusmip4R KRD6i526xMv4z3XFuFr/7dyXXL0wpeniEbwrRP+ubf0ct1AzJHtbziA0H9mFb0in ycwH6LNiYKFGixRJ17i4xttSEZTUoItloEgkvFiZOGVyRFdJ8N0Wf0QudNqRS2uX Sjar9PnQuIzyhImwd6TFIoVFQ3Uyl2JOjbzbTPC9jkDs7PWoTrfC2Ca3kNhJR8fc zPMsxtV5P1mHKVbd5Ybq =1Chw -----END PGP SIGNATURE----- Changes: spice (0.12.5-1+deb8u2) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add series of patches for CVE-2015-5260 and CVE-2015-6261. CVE-2015-5260: insufficient validation of surface_id parameter can cause crash. (Closes: #801089) CVE-2015-5261: host memory access from guest using crafted images. (Closes: #801091) -- Salvatore Bonaccorso <[email protected]> Tue, 06 Oct 2015 23:02:42 +0200