From 106090aebc4507575641da0e99fe431379ecc2a9 Mon Sep 17 00:00:00 2001 From: Utkarsh Gupta Date: Sun, 1 Nov 2020 22:40:52 +0530 Subject: DLA-2428-1 advisory --- english/lts/security/2020/dla-2428.data | 10 ++++++++++ english/lts/security/2020/dla-2428.wml | 28 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 english/lts/security/2020/dla-2428.data create mode 100644 english/lts/security/2020/dla-2428.wml diff --git a/english/lts/security/2020/dla-2428.data b/english/lts/security/2020/dla-2428.data new file mode 100644 index 00000000000..9d23c929d5c --- /dev/null +++ b/english/lts/security/2020/dla-2428.data @@ -0,0 +1,10 @@ +DLA-2428-1 spice-gtk +2020-11-01 +CVE-2020-14355 Bug#971751 +spice-gtk +yes +yes +no + +#use wml::debian::security + diff --git a/english/lts/security/2020/dla-2428.wml b/english/lts/security/2020/dla-2428.wml new file mode 100644 index 00000000000..b8186b476da --- /dev/null +++ b/english/lts/security/2020/dla-2428.wml @@ -0,0 +1,28 @@ +LTS security update + +

Multiple buffer overflow vulnerabilities were found in the QUIC +image decoding process of the SPICE remote display system.

+ +

Both the SPICE client (spice-gtk) and server are affected by +these flaws. These flaws allow a malicious client or server to +send specially crafted messages that, when processed by the +QUIC image compression algorithm, result in a process crash or +potential code execution.

+ +

For Debian 9 stretch, this problem has been fixed in version +0.33-3.3+deb9u2.

+ +

We recommend that you upgrade your spice-gtk packages.

+ +

For the detailed security status of spice-gtk please refer to +its security tracker page at: +https://security-tracker.debian.org/tracker/spice-gtk

+ +

Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://wiki.debian.org/LTS

+
+ +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2428.data" +# $Id: $ -- cgit v1.2.3
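Review bot: In dla-2428.data, the references line carries a single identifier, `CVE-2020-14355 Bug#971751`, while the description in dla-2428.wml speaks of "Multiple buffer overflow vulnerabilities". Please confirm that this one CVE covers all of the QUIC decoding overflows. If it does, say in the description that they are tracked together under CVE-2020-14355, so readers do not go looking for further IDs.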
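Review bot: In dla-2428.wml, the description says both the SPICE client (spice-gtk) and the server are affected, but the fix line and the upgrade recommendation cover only spice-gtk 0.33-3.3+deb9u2. A stretch user running the SPICE server cannot tell from this text whether that side is fixed or where to look. Suggest adding a sentence that the server package is handled in its own advisory. Alternatively, narrow "a malicious client or server" to the case this package addresses: a malicious server sending crafted messages to a spice-gtk client.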