spice-vdagent 0.20.0-2 source package in Ubuntu
Changelog
spice-vdagent (0.20.0-2) unstable; urgency=medium * QA upload. * Set Maintainer to Debian QA Group. (see #911430) * Add changes from Ubuntu: * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash Table - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file transfers in src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled active_xfers allocations in src/vdagentd/vdagentd.c. - CVE-2020-25650 * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via active_xfers Hash Map - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the client disconnects in src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25651-2.patch: do not allow using an already used file-xfer id in src/vdagentd/vdagentd.c. - CVE-2020-25651 * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent connections in src/udscs.c. - debian/patches/CVE-2020-25652-2.patch: limit number of agents per session to 1 in src/vdagentd/vdagentd.c. - CVE-2020-25652 * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED is Subject to Race Condition - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking in src/vdagent-connection.c, src/vdagent-connection.h, src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25653-2.patch: better check for sessions in src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c, src/vdagentd/session-info.h, src/vdagentd/systemd-login.c, src/vdagentd/vdagentd.c. - CVE-2020-25653 * Additional fixes: - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in src/vdagentd/vdagentd.c. (Closes: #973769) -- Adrian Bunk <email address hidden> Thu, 03 Dec 2020 21:37:35 +0200
Upload details
- Uploaded by:
- Debian QA Group
- Uploaded to:
- Sid
- Original maintainer:
- Debian QA Group
- Architectures:
- any
- Section:
- x11
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
spice-vdagent_0.20.0-2.dsc | 2.4 KiB | fc27ab22dc76114b5bba8f63199500054baa6a555bc4fb4da17aabdd12acceca |
spice-vdagent_0.20.0.orig.tar.bz2 | 148.9 KiB | 2e6b7222675ee19ea38c52165abe4d836c2ac5d5bf902d4dfca13da1ec143359 |
spice-vdagent_0.20.0.orig.tar.bz2.asc | 833 bytes | d2863154dac77d3ab3cfe87b139429041bdad4ff8bf73d75c3726ab248fce340 |
spice-vdagent_0.20.0-2.debian.tar.xz | 20.6 KiB | 92233464205236df6fe8f078473fb6ec39526f62cc5aa467ab5d4c02e301e6fe |
Available diffs
No changes file available.
Binary packages built by this source
- spice-vdagent: No summary available for spice-vdagent in ubuntu hirsute.
No description available for spice-vdagent in ubuntu hirsute.
- spice-vdagent-dbgsym: No summary available for spice-vdagent-dbgsym in ubuntu hirsute.
No description available for spice-vdagent-
dbgsym in ubuntu hirsute.