1
PublicDateAtUSN: 2015-09-08
2
Candidate: CVE-2015-5260
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5260
6
https://bugzilla.redhat.com/show_bug.cgi?id=1260908
7
https://bugzilla.redhat.com/show_bug.cgi?id=1260822
8
https://usn.ubuntu.com/usn/usn-2766-1
10
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to
11
cause a denial of service (heap-based memory corruption and QEMU-KVM crash)
12
or possibly execute arbitrary code on the host via QXL commands related to
13
the surface_id parameter.
22
upstream_spice: needs-triage
23
precise_spice: ignored (reached end-of-life)
24
precise/esm_spice: DNE (precise was needed)
25
trusty_spice: released (0.12.4-0nocelt2ubuntu1.2)
26
vivid_spice: released (0.12.5-1ubuntu0.2)
27
vivid/stable-phone-overlay_spice: DNE
28
vivid/ubuntu-core_spice: DNE
29
wily_spice: released (0.12.5-1.1ubuntu2)
30
xenial_spice: released (0.12.5-1.1ubuntu2)
31
yakkety_spice: released (0.12.5-1.1ubuntu2)
32
zesty_spice: released (0.12.5-1.1ubuntu2)
33
devel_spice: released (0.12.5-1.1ubuntu2)