Ubuntu
spice-vdagent package

spice-vdagent 0.20.0-2 source package in Ubuntu

Changelog

spice-vdagent (0.20.0-2) unstable; urgency=medium

  * QA upload.
  * Set Maintainer to Debian QA Group. (see #911430)
  * Add changes from Ubuntu:
    * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
      Table
      - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
        transfers in src/vdagentd/vdagentd.c.
      - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
        active_xfers allocations in src/vdagentd/vdagentd.c.
      - CVE-2020-25650
    * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
      active_xfers Hash Map
      - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
        client disconnects in src/vdagentd/vdagentd.c.
      - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
        used file-xfer id in src/vdagentd/vdagentd.c.
      - CVE-2020-25651
    * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
      - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
        connections in src/udscs.c.
      - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
        session to 1 in src/vdagentd/vdagentd.c.
      - CVE-2020-25652
    * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
      is Subject to Race Condition
      - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
        in src/vdagent-connection.c, src/vdagent-connection.h,
        src/vdagentd/vdagentd.c.
      - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
        src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
        src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
        src/vdagentd/vdagentd.c.
      - CVE-2020-25653
    * Additional fixes:
      - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
        src/vdagentd/vdagentd.c.
    (Closes: #973769)

 -- Adrian Bunk <email address hidden>  Thu, 03 Dec 2020 21:37:35 +0200

Upload details

Uploaded by:
Debian QA Group
Uploaded to:
Sid
Original maintainer:
Debian QA Group
Architectures:
any
Section:
x11
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
spice-vdagent_0.20.0-2.dsc 2.4 KiB fc27ab22dc76114b5bba8f63199500054baa6a555bc4fb4da17aabdd12acceca
spice-vdagent_0.20.0.orig.tar.bz2 148.9 KiB 2e6b7222675ee19ea38c52165abe4d836c2ac5d5bf902d4dfca13da1ec143359
spice-vdagent_0.20.0.orig.tar.bz2.asc 833 bytes d2863154dac77d3ab3cfe87b139429041bdad4ff8bf73d75c3726ab248fce340
spice-vdagent_0.20.0-2.debian.tar.xz 20.6 KiB 92233464205236df6fe8f078473fb6ec39526f62cc5aa467ab5d4c02e301e6fe

No changes file available.

Binary packages built by this source

spice-vdagent: No summary available for spice-vdagent in ubuntu hirsute.

No description available for spice-vdagent in ubuntu hirsute.

spice-vdagent-dbgsym: No summary available for spice-vdagent-dbgsym in ubuntu hirsute.

No description available for spice-vdagent-dbgsym in ubuntu hirsute.