Debian Bug report logs -
#920762
spice: CVE-2019-3813: Off-by-one error in array access in spice/server/memslot.c
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 28 Jan 2019 20:15:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in versions spice/0.14.0-1.2, spice/0.12.8-2.1, spice/0.12.8-2.1+deb9u2
Fixed in versions spice/0.12.8-2.1+deb9u3, spice/0.14.0-1.3
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Liang Guo <guoliang@debian.org>:
Bug#920762; Package src:spice.
(Mon, 28 Jan 2019 20:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Liang Guo <guoliang@debian.org>.
(Mon, 28 Jan 2019 20:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: spice
Version: 0.14.0-1.2
Severity: grave
Tags: security upstream
Control: found -1 0.12.8-2.1+deb9u2
Control: found -1 0.12.8-2.1
Control: fixed -1 0.12.8-2.1+deb9u3
Hi,
The following vulnerability was published for spice.
CVE-2019-3813[0]:
Off-by-one error in array access in spice/server/memslot.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3813
[1] https://www.openwall.com/lists/oss-security/2019/01/28/2
Regards,
Salvatore
Marked as found in versions spice/0.12.8-2.1+deb9u2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org.
(Mon, 28 Jan 2019 20:15:04 GMT) (full text, mbox, link).
Marked as found in versions spice/0.12.8-2.1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org.
(Mon, 28 Jan 2019 20:15:05 GMT) (full text, mbox, link).
Marked as fixed in versions spice/0.12.8-2.1+deb9u3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org.
(Mon, 28 Jan 2019 20:15:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Liang Guo <guoliang@debian.org>:
Bug#920762; Package src:spice.
(Mon, 28 Jan 2019 20:45:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Liang Guo <guoliang@debian.org>.
(Mon, 28 Jan 2019 20:45:03 GMT) (full text, mbox, link).
Message #16 received at 920762@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 920762 + patch
Control: tags 920762 + pending
Dear maintainer,
I've prepared an NMU for spice (versioned as 0.14.0-1.3) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
[spice-0.14.0-1.3-nmu.diff (text/x-diff, attachment)]
Added tag(s) patch.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 920762-submit@bugs.debian.org.
(Mon, 28 Jan 2019 20:45:03 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 920762-submit@bugs.debian.org.
(Mon, 28 Jan 2019 20:45:03 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Wed, 30 Jan 2019 21:09:06 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Wed, 30 Jan 2019 21:09:06 GMT) (full text, mbox, link).
Message #25 received at 920762-close@bugs.debian.org (full text, mbox, reply):
Source: spice
Source-Version: 0.14.0-1.3
We believe that the bug you reported is fixed in the latest version of
spice, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 920762@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated spice package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Jan 2019 13:04:44 +0100
Source: spice
Binary: libspice-server-dev libspice-server1 libspice-server1-dbgsym
Architecture: source
Version: 0.14.0-1.3
Distribution: unstable
Urgency: medium
Maintainer: Liang Guo <guoliang@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 920762
Description:
libspice-server-dev - Header files and development documentation for spice-server
libspice-server1 - Implements the server side of the SPICE protocol
Changes:
spice (0.14.0-1.3) unstable; urgency=medium
.
* Non-maintainer upload.
* memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813)
(Closes: #920762)
Checksums-Sha1:
df63aa51c7effe26d46a1ca019e0820279cdb8fc 2810 spice_0.14.0-1.3.dsc
bcb74fbe6526135af0cbb6118712cc9c301f56bd 20036 spice_0.14.0-1.3.debian.tar.xz
Checksums-Sha256:
7b1cc9ea00c8eb21ea1b72bd5fc45e3c6f5735a147bcfa95d1882ed7dbe7c403 2810 spice_0.14.0-1.3.dsc
5ebffa2e91b0a155e4a7389f874761181eb61c6af0c51137c92f11ac7b54170b 20036 spice_0.14.0-1.3.debian.tar.xz
Files:
71094a47fb030c92d7caa563e3b87c92 2810 misc optional spice_0.14.0-1.3.dsc
39416f9bc1eda7e30e8fcd9f73ee87ae 20036 misc optional spice_0.14.0-1.3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxPZ5lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqWMP/jlRXB2J97r0FtU39HZ5UT0UDDaja+gx
sDNU0LAzQdCObY3tiH0TtduVjYY36mUhRdGt7cX58B+0dafH00aZ7OZ4qY4PeLOL
VYpkmkE39U8glICaVJXmW+nRvGAgLw0SfZ0O4QWSP+RvIu8VPLyfxDyyGJi2abp9
vFLohy6cBzSHBkq0VKnJLq2eluypD7xbKlHcqhkgXnklQRJhBA8GQ6YvMjpFGiOV
XVmr5R8K3G+Vpgc++Q1Lq1tEw3pHxribnthjzyJrxq/wki4wyx1z1LYM+7t+jMA/
iQs6UlMAnrc1ynjxRKB7VfzbIwnuBFVhZSE3PVdRFRMIfzEqqW1pTm7+nxTekRGU
WIw1I4v+4l7vk2kN8OKkUFw0z8Wr/W8WuB0T/iK86K72WAayycU/1LWvPp+WvCaG
WAV2O/v8+eQmc0YUGcyxPa8gcPQtOcylFGlI89vgEOmGpQ50zVZgtBfqMfC0+bd6
j4A7EtqWHoHwXLd2ArGfS7duPIhlW8070J+v4ckybL9D2/qJipmBFWmiXAbyZBh+
euspJ8vLARmbP7g3Qm4buqbzQUMgHudSmm34dUYD1L5AapWeFRyP4U5zz0SBqIgO
zzC5jlD9NOZLTDoHDaOmrE5pN/DrgzzjDA8EAVCoLlymVB6sST3dYWb9MbcgayJx
b160kFnAjw4G
=u0LA
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 05 Mar 2019 07:29:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:35:55 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon