ubuntu/+source/spice:ubuntu/trusty-updates

Last commit made on 2019-01-28
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/spice
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/spice

Recent commits

c6a414d... by Marc Deslauriers on 2019-01-24

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 41a3353809a5bc930ce9aad78dc2fa6ce2823d9e

New changelog entries:
  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in
      server/red_memslots.c.
    - CVE-2019-3813

41a3353... by Leonidas S. Barbosa on 2018-08-20

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 405002d2978e149c24b0e4bd163ad819ad6f9604

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10873.patch: fix in
      spice-common/python_modules/demarshal.py,
    - CVE-2018-10873

405002d... by Leonidas S. Barbosa on 2018-05-22

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 87a3420bc82c78a52dcc72b274b8e693a91d87f7

New changelog entries:
  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
      computing sizes in spice-common/python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in spice-common/python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - CVE-2017-12194

87a3420... by Marc Deslauriers on 2017-07-18

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 30569baa79460edb56db7780a58bdc62d6736540

New changelog entries:
  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

30569ba... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 770c8eb24207db0900480fdae6b39f55d703abd0

New changelog entries:
  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

770c8eb... by Marc Deslauriers on 2016-06-10

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1534c3cb2c26872f8f7b467378fa610668d1ad38

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150
  * Added two extra commits to previous security update:
    - 0001-worker-validate-correctly-surfaces.patch
    - 0002-worker-avoid-double-free-or-double-create-of-surface.patch

1534c3c... by Marc Deslauriers on 2015-10-01

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ea63cf4d722f3defa2e941b9c8c4d7c7f10141c5

New changelog entries:
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2015-526x/*.patch: apply series of patches from
      Red Hat to fix overflows, race conditions, memory leaks and denial of
      service issues.
    - CVE-2015-5260
    - CVE-2015-5261

ea63cf4... by Marc Deslauriers on 2015-09-08

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 5d8e029ee386a148d7c12394c8f5935135a2be29

New changelog entries:
  * SECURITY UPDATE: heap corruption via monitor configs
    - debian/patches/CVE-2015-3247.patch: only read count once in
      server/red_worker.c.
    - CVE-2015-3247

5d8e029... by Serge Hallyn on 2015-05-04

Import patches-unapplied version 0.12.4-0nocelt2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 06cd7476956ec235137c89fc337fde465ec80a4b

New changelog entries:
  [Gregory Boyce]
  * Fix newline-damaged patch (LP: #1450043)

06cd747... by Liang Guo <email address hidden> on 2013-11-07

Import patches-unapplied version 0.12.4-0nocelt2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0a8a8053df2ef2e583d64cdb1a7694152ad878b0

New changelog entries:
  * Fix CVE-2013-4282 (Closes: #728314)