ubuntu/+source/spice:applied/ubuntu/zesty-security

Last commit made on 2017-07-19
Get this branch:
git clone -b applied/ubuntu/zesty-security https://git.launchpad.net/ubuntu/+source/spice
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/zesty-security
Repository:
lp:ubuntu/+source/spice

Recent commits

e57cfef... by Marc Deslauriers on 2017-07-18

Import patches-applied version 0.12.8-2ubuntu1.1 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: f955694bfa6cc6c18a0aeb35b60bffcd2b5537f3
Unapplied parent: dae819c05f04f7772669e6cde2632aebbb7c4d96

New changelog entries:
  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

dae819c... by Marc Deslauriers on 2017-07-18

reds: Avoid buffer overflows handling monitor configuration

Gbp-Pq: CVE-2017-7506-3.patch.

b1acd81... by Marc Deslauriers on 2017-07-18

reds: Avoid integer overflows handling monitor configuration

Gbp-Pq: CVE-2017-7506-2.patch.

e4e16f6... by Marc Deslauriers on 2017-07-18

reds: Disconnect when receiving overly big ClientMonitorsConfig

Gbp-Pq: CVE-2017-7506-1.patch.

498b479... by Marc Deslauriers on 2017-07-18

Prevent integer overflows in capability checks

Gbp-Pq: CVE-2016-9578-2.patch.

badef77... by Marc Deslauriers on 2017-07-18

Prevent possible DoS attempts during protocol handshake

Gbp-Pq: CVE-2016-9578-1.patch.

cb91c28... by Marc Deslauriers on 2017-07-18

main-channel: Prevent overflow reading messages from client

Gbp-Pq: CVE-2016-9577.patch.

a19637e... by Marc Deslauriers on 2017-07-18

do not link spice with libcacard

Gbp-Pq: stop-linking-with-libcacard.diff.

2477b2e... by Marc Deslauriers on 2017-07-18

Import patches-unapplied version 0.12.8-2ubuntu1.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 9b766cfdd4dffc01a4bc018cf3bc58d678f763ac

New changelog entries:
  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

f955694... by Marc Deslauriers on 2017-02-15

Import patches-applied version 0.12.8-2ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 1c308d447f0f410602b59b98286aff26c37490fb
Unapplied parent: c1067ec3e88f0a89105e0e54f8ead0463d0025e9

New changelog entries:
  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578