CVE-2016-9578

Name	CVE-2016-9578
Description	A vulnerability was discovered in SPICE before 0.13.90 in the server's ...
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-825-1, DSA-3790-1
Debian Bugs	854336

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
spice (PTS)	bullseye	0.14.3-2.1	fixed
	bookworm	0.15.1-1	fixed
	trixie	0.15.2-1	fixed
	forky, sid	0.16.0-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
spice	source	wheezy	0.11.0-1+deb7u4	DLA-825-1
spice	source	jessie	0.12.5-1+deb8u4	DSA-3790-1
spice	source	(unstable)	0.12.8-2.1		854336

Notes

Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)