[SECURITY] [DLA 1649-1] spice security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : spice
Version : 0.12.5-1+deb8u7
CVE ID : CVE-2019-3813
Debian Bug : 920762
Christophe Fergeau discovered an out-of-bounds read vulnerability in
spice, a SPICE protocol client and server library, which might result in
denial of service (spice server crash), or possibly, execution of
arbitrary code.
For Debian 8 "Jessie", this problem has been fixed in version
0.12.5-1+deb8u7.
We recommend that you upgrade your spice packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxR0KMACgkQnUbEiOQ2
gwIcvQ/8CTN3oXVpYlP4S3M5RDw6hODVs4mVybrfhtejODuDx0GxMjg2Iv9m8jv0
KjIIaiTKc9cDFeRoc0mi5vA4ZBqCY98OFX7BQfNBhEdVbaAUjxeTCXR6Mddg2VwZ
Zg9YfVWACCovmcDszmzGzheD7a/x3aWTZlZuwiTC2+aORqWHGsWQhrsovM1aSDoQ
VXrAvuuzrtFks3FoYG2Y8RqBT9FZsUfBq4BVBtN7WJm7xsEebFxjhQEgb37vNhFB
9qQtHJ0L6mstkY9Dmb+jLz2iPh0qn1Lxin67P8FOnRGfEYgYmKjqhxDyl2W3TFiX
TCksBGdz+Xyfw8fV+thMFKJmUZwfmv550mqD4yKItrxztS06Bi0S3PHU1PMLRhSq
VRZzCTY4is672amqPYMuwpQpa4DlpVh6S30enH8IyD0LPwZJqyi+kwgLUJe0OcT+
2qGGcRpwTAffL/rFlznUBhCQdDYfOCvCoJ+om4E5+rnxFKJrRrXPaNAC5rDzRi7B
cjH/JaMx1GEUxGIXx5YCKVXbsGxMvYIiqN8Q3hPed6wDv0iY3uTi77NPsYz8igWk
RqWblmYba8NFsfpYPGIRn04Djk1YUsvmMPo0MzrMGBtX5i8Pr5ox28mo7xrQ7ZZV
TNqYKCrMYafOsBLrSnjhpKgfvALrnuVHzweVFByvHPfY2QkoaCI=
=u/JL
-----END PGP SIGNATURE-----
Reply to: