This should actually be fixed in qemu without recompiling it. That's why we have shared libraries. Can you confirm? -Michael On Fri, 2016-07-15 at 17:27 +0200, Jonatan Schlag wrote: > This is an security update. > Recent were 2 serious security vulnerabilities published. > This patch update spice to a version which is not vulnerable. > > The qemu version is pushed to deliver a qemu which is linked against > the non vulnerable version. > > Changelog: > > Changes in 0.12.8: > ================== > * Fixes for CVE-2016-0749 and CVE-2016-2150 > > Changes in 0.12.7: > ================== > * spice-server will now send TCP keepalive probes on the TCP connections >   it >   uses. This can prevent unwanted idle disconnections if proxies are >   used >   between the client and the host. > * Fix important memory usage when the webdav channel is used > * Do not disconnect when the client requests an unsupported compression >   type > * Fix a few race conditions > * Fix display glitch when using XSpice > * Improve help string for 'replay -s' > * Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE >   port >   configured, USB webcam redirection over a slow link) > * Fix various compilation warning when building on 32 bit machines > * Some fixes for big-endian machines, more work is likely to be needed > * Do not build static libraries by default, this can be reenabled with >   --enable-static > * Fix small leak in MJPEG code > > Signed-off-by: Jonatan Schlag > --- >  config/rootfiles/packages/spice | 2 +- >  lfs/qemu                        | 2 +- >  lfs/spice                       | 6 +++--- >  3 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/spice > index 93d2e9e..91fc0a6 100644 > --- a/config/rootfiles/packages/spice > +++ b/config/rootfiles/packages/spice > @@ -13,5 +13,5 @@ >  #usr/lib/libspice-server.la >  #usr/lib/libspice-server.so >  usr/lib/libspice-server.so.1 > -usr/lib/libspice-server.so.1.10.0 > +usr/lib/libspice-server.so.1.10.1 >  #usr/lib/pkgconfig/spice-server.pc > diff --git a/lfs/qemu b/lfs/qemu > index 62010ee..d494845 100644 > --- a/lfs/qemu > +++ b/lfs/qemu > @@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP) >  TARGET     = $(DIR_INFO)/$(THISAPP) >  SUP_ARCH   = i586 x86_64 >  PROG       = qemu > -PAK_VER    = 20 > +PAK_VER    = 21 >   >  DEPS       = "sdl spice" >   > diff --git a/lfs/spice b/lfs/spice > index 415d5aa..80e88dd 100644 > --- a/lfs/spice > +++ b/lfs/spice > @@ -24,7 +24,7 @@ >   >  include Config >   > -VER        = 0.12.6 > +VER        = 0.12.8 >   >  THISAPP    = spice-$(VER) >  DL_FILE    = $(THISAPP).tar.bz2 > @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE) >  DIR_APP    = $(DIR_SRC)/$(THISAPP) >  TARGET     = $(DIR_INFO)/$(THISAPP) >  PROG       = spice > -PAK_VER    = 1 > +PAK_VER    = 2 >   >  DEPS       = "opus" >   > @@ -44,7 +44,7 @@ objects = $(DL_FILE) >   >  $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >   > -$(DL_FILE)_MD5 = 605a8c8ea80bc95076c4b3539c6dd026 > +$(DL_FILE)_MD5 = 376853d11b9921aa34a06c4dbef81874 >   >  install : $(TARGET) >