Format: 1.8
Date: Wed, 02 Jan 2019 16:26:53 +0100
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config libvncclient1-dbg libvncserver1-dbg
Architecture: source
Version: 0.9.11+dfsg-1.2
Distribution: unstable
Urgency: high
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 916941
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncclient1-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own VNC server - library utility
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
 libvncserver1-dbg - debugging symbols for libvncserver
Changes:
 libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix multiple security vulnerabilities (Closes: #916941)
     - Use-after-free in file transfer extension allows for potential code
       execution (CVE-2018-15126)
     - Heap out-of-bounds write in
       rfbserver.c:rfbProcessFileTransferReadBuffer() allows for potential
       code execution (CVE-2018-15127)
     - Multiple heap out-of-bound writes in VNC client code (CVE-2018-20019)
     - Heap out-of-bound write inside structure in VNC client code allows for
       potential code execution (CVE-2018-20020)
     - Infinite loop in VNC client code allows for denial of service
       (CVE-2018-20021)
     - Improper initialization in VNC client code allows for information
       disclosure (CVE-2018-20022)
     - Improper initialization in VNC Repeater client code allows for
       information disclosure (CVE-2018-20023)
     - NULL pointer dereference in VNC client code allows for denial of
       service (CVE-2018-20024)
     - Use-after-free in file transfer extension server code allows for
       potential code execution (CVE-2018-6307)
   * Update symbols file for libvncserver1.
     The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and introduces
     new CloseUndoneFileDownload and CloseUndoneFileUpload.
Checksums-Sha1:
 3ec5f78c38f20fe884ffe8d29a223e2ff7534b1b 2561 libvncserver_0.9.11+dfsg-1.2.dsc
 a94f5d6d8881a16617919e8bd1e57e104fb209cc 19128 libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Checksums-Sha256:
 cbd1a4cd125472bb4290e923585a2a4f089bd449337066ccca587a7913f19fd6 2561 libvncserver_0.9.11+dfsg-1.2.dsc
 18305a97f5985650e3da106374342a021cff20af15d370db068e2b67e086bf79 19128 libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Files:
 bac2a495a871848aeeafce41664fba94 2561 libs optional libvncserver_0.9.11+dfsg-1.2.dsc
 e00d64f7c66117d9792a1a446851dfa6 19128 libs optional libvncserver_0.9.11+dfsg-1.2.debian.tar.xz