spice (0.11.0-1+deb7u4) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Add CVE-2016-9577-and-CVE-2016-9578.patch:
    - CVE-2016-9577: A buffer overflow vulnerability in
      main_channel_alloc_msg_rcv_buf was found that occurs when reading large
      messages due to missing buffer size check.
    - CVE-2016-9578: A vulnerability was discovered in the server's
      protocol handling. An attacker able to connect to the spice server could
      send crafted messages which would cause the process to crash.
      (Closes: #854336)

 -- Markus Koschany <apo@debian.org>  Fri, 17 Feb 2017 00:22:08 +0100

spice (0.11.0-1+deb7u3) wheezy-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix CVE-2016-2150: Host memory access from guest using crafted primary
    surface parameters (Closes: #826584)

 -- Santiago Ruano Rincón <santiagorr@riseup.net>  Sun, 26 Jun 2016 15:58:13 +0200

spice (0.11.0-1+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add series of patches for CVE-2015-5260 and CVE-2015-6261.
    CVE-2015-5260: insufficient validation of surface_id parameter can cause
    crash. (Closes: #801089)
    CVE-2015-5261: host memory access from guest using crafted images.
    (Closes: #801091)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 08 Oct 2015 17:41:09 +0200

spice (0.11.0-1+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2013-4130.patch patch.
    CVE-2013-4130: unsafe clients ring access abort. An user able to
    initiate spice connection to the guest could use this flaw to crash the
    guest. (Closes: #717030)
  * Add CVE-2013-4282.patch patch.
    CVE-2013-4282: Fix buffer overflow when decrypting client SPICE ticket.
    A remote user able to initiate a SPICE connection to an application
    acting as a SPICE server could use this flaw to crash the application.
    (Closes: #728314)

 -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 03 Jan 2014 17:52:06 +0100

spice (0.11.0-1) unstable; urgency=low

  * New upstream release
  * Breaks spice-gtk (<= 0.12-2)
  * Refresh debian/libspice-server1.symbols
  * debian/control:
    - Update my e-mail address
    - Add python-pyparsing to Build-Depends
  * debian/patches:
    - Remove fix-error-path-return-in-snd_set_record_peer.patch, 
      applied upstream
    - Refresh make-celt-to-be-optional.patch
    - Refresh link-libspice-server-with-libm-libpthread.patch
  * Simplify debian/rules, celt removed, no reason to use 
    traditional one
  * Disable smartcard, not in debian yet
  * Refresh debian/copyright

 -- Liang Guo <guoliang@debian.org>  Sat, 09 Jun 2012 11:33:05 +0800

spice (0.10.1-3~nocelt) experimental; urgency=low

  * Applying for co-maintenance, adding myself to Uploaders (Closes: #671627)
  * Bump Standards-Version to 3.9.3 (no changes)
  * link-libspice-server-with-libm-libpthread.patch - missing libraries
  * Enable multiarch for libspice-server, bump debhelper compat to 9
  * do not require root in clean target
  * build-depend on dh-autoreconf and python to be able to run autoreconf
    and python code generator
  * use dh_autoreconf, do not ship debian/source/options anymore
  * consolidate clean target in debian/rules
  * 2 patches:
    - fix-error-path-return-in-snd_set_record_peer.patch (from upstream git),
      which is a pre-requisite for the next patch, and
    - make-celt-to-be-optional.patch (sent to upstream).
    This makes it possible to build spice without celt.
  * Disable celt051 usage.

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 02 Jun 2012 16:18:56 +0400

spice (0.10.1-2) unstable; urgency=low

  * added dependency on libxinerama-dev to
    libspice-server-dev, temporarily, till
    either upstream or we will have better
    solution.  libspice-server does not use
    xinerama in any way, yet it is listed in
    the requiriments in the pkg-config file,
    which is generated at configure time.
    (Closes: #658173)

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 01 Feb 2012 01:08:34 +0400

spice (0.10.1-1) unstable; urgency=low

  * New upstream release
  * Refresh libspice-server1.symbols
  * debian/control
    - Change Build-Depends on libspice-protocol-dev to (>= 0.10.1~)
    - Add libxinerama-dev to Build-Depends
  
 -- Liang Guo <bluestonechina@gmail.com>  Fri, 27 Jan 2012 23:28:26 +0800

spice (0.10.0-1) unstable; urgency=low

  [ Liang Guo ]
  * New upstream release (Closes: #651262)
  * Refresh debian/copyright
  * Remove fix-typo-in-cmd_line_parser-cpp.patch, applied upstream
  * Remove fix-typo-in-record-cpp.patch, applied upstream
  * Remove use-requires-private-for-libspice-pkgconfig.patch, applied upstream
  * Change Build-Depends on libspice-protocol-dev to (>= 0.9.1~)
  * Refresh libspice-server1.symbols
  * Update debian/rules clean target
  * Ignore common/win/my_getopt-1.5/Makefile change when building package
  * debian/control: set DMUA

  [ Michael Tokarev ]
  * use `rm -f' instead of `-rm' in debian/rules clean targets
  * remove python_modules/*.pyc in clean target
  
 -- Liang Guo <bluestonechina@gmail.com>  Tue, 29 Nov 2011 14:37:08 +0800
  
spice (0.8.3-1) unstable; urgency=low

  * New upstream release
  * Update debian/copyright to fit DEP-5
  * Remove drop-unnecessary-build-request.patch, applied upstream
  * Update Build-Depends on libspice-protocol-dev to 0.8.2~
  * Disable GUI support, CEGUI version in Debian not supported
  * Add libjpeg-dev to Build-Depends
  * Refresh libspice-server1.symbols

 -- Liang Guo <bluestonechina@gmail.com>  Thu, 20 Oct 2011 11:13:23 +0800

spice (0.8.2-2) unstable; urgency=low

  [ Michael Tokarev ]
  * move libraries used internally by libspice-server from Requires
    to Requires.private in pkg-config file

  [ Liang Guo ]
  * Add libpixman-1-dev and libssl-dev to libspice-server-dev
    Depends (Closes: #637189)
  * Remove alsa, xrandr, xfixes, x11, xext and xrender 
    from spice-server.pc Requires
  * Fix typo in debian/spicec.1

 -- Liang Guo <bluestonechina@gmail.com>  Tue, 16 Aug 2011 10:36:31 +0800

spice (0.8.2-1) unstable; urgency=low

  * Initial release (Closes: #560721)

 -- Liang Guo <bluestonechina@gmail.com>  Sat, 23 Jul 2011 12:21:04 +0800

