-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 31 Jan 2019 12:17:10 +0100 Source: libvncserver Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc Architecture: source amd64 Version: 0.9.9+dfsg2-6.1+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Description: libvncclient0 - API to write one's own vnc server - client library libvncclient0-dbg - debugging symbols for libvncclient libvncserver-config - API to write one's own vnc server - library utility libvncserver-dev - API to write one's own vnc server - development files libvncserver0 - API to write one's own vnc server libvncserver0-dbg - debugging symbols for libvncserver linuxvnc - VNC server to allow remote access to a tty Changes: libvncserver (0.9.9+dfsg2-6.1+deb8u5) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes. * CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes. * CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes. * CVE-2018-15126: heap use-after-free resulting in possible RCE. * debian/libvncserver0.symbols: update for the symbol changes in the CVE-2018-15126 patch, which split a function in two with new names. This is not really an ABI change as these symbols are private, i.e. not exported in any public headers, and only exported on the DSO because there's no filter applied. Checksums-Sha1: 4bb099d1119bb067abe9d955e457c0d56e058e6f 2457 libvncserver_0.9.9+dfsg2-6.1+deb8u5.dsc ff75c4a9dfab5eb7e3b2e1b5dcf4db968bf94b08 865281 libvncserver_0.9.9+dfsg2.orig.tar.gz c81aa81402713cb9dbdac94d93f97faa828e920f 35648 libvncserver_0.9.9+dfsg2-6.1+deb8u5.debian.tar.xz e97c07230d34a0efb9a6c9a2aba1aaf77ea74351 125662 libvncclient0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 15cda7ff6fa126f4ef87bc764bf0830fee6dc48d 192222 libvncserver0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 974eb50c6e27306087e825336a0c4f9bc2529542 276214 libvncserver-dev_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 407aa560bc04a3764a363cbd1af4016f159e16ad 90876 libvncserver-config_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 152cbde7f71d756fc450018e1ba7fb553f9613e1 183598 libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 069d36595802257d851b0d19e5b0ebe4f027ee39 383944 libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 4a4bcc3c80c68e12f824cd523cfed8fadd88c137 86926 linuxvnc_0.9.9+dfsg2-6.1+deb8u5_amd64.deb Checksums-Sha256: 26870bd794a2dcbb020722e1dde2e08a67d5f6ea75a033793e7990174cc5c009 2457 libvncserver_0.9.9+dfsg2-6.1+deb8u5.dsc 9c61fd5c990e16d6aa41bcf5d0eed790a10f3547426fbad46ba145e9900601ed 865281 libvncserver_0.9.9+dfsg2.orig.tar.gz 9a3d36580239fc9cc665239f176ff0c9240c8a9f36ca4dca14335506f6d95b23 35648 libvncserver_0.9.9+dfsg2-6.1+deb8u5.debian.tar.xz 67a2914b65d49473631a834747707b8a9546196b2ef37bfb2d3d48b8f175e5b8 125662 libvncclient0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 4cc654298de053d0bd28edf03e2c23c5c59abaabefdf8eb8ecf2446714212a15 192222 libvncserver0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 039101895567ff110edabb2bbb8495eb38463aad895737e6c353b66d6f391b00 276214 libvncserver-dev_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 65e62d3e375ce37adfbe1544c2388bf6f79686fdd7c834beac87534599bdcead 90876 libvncserver-config_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 5ffd221236b13942a796cc18792369aede593abeedd02f3893eb901b15d786ff 183598 libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 0cd361812ed4cc4593277f68e4fa7851b1eec9aa53104a1486aa8c3940af7514 383944 libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb 4482f93f2477a3e2c40bcead78d4dd049098710518f1163f1fed8d6c13decc76 86926 linuxvnc_0.9.9+dfsg2-6.1+deb8u5_amd64.deb Files: 6260684721423d81ae8a146e342f6c53 2457 libs optional libvncserver_0.9.9+dfsg2-6.1+deb8u5.dsc 3d208f2769778f0fa82ed734aecefb47 865281 libs optional libvncserver_0.9.9+dfsg2.orig.tar.gz 48af9c8577be589b7d8852bce87cf7e1 35648 libs optional libvncserver_0.9.9+dfsg2-6.1+deb8u5.debian.tar.xz 39afe25244ac793417a2055fdb5d60fd 125662 libs optional libvncclient0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb f6048ce3518fb59f8b71e15c05c2ed96 192222 libs optional libvncserver0_0.9.9+dfsg2-6.1+deb8u5_amd64.deb c7363da53639e228a2b5ff74c13253d7 276214 libdevel optional libvncserver-dev_0.9.9+dfsg2-6.1+deb8u5_amd64.deb d3f216013c2d0d8322b45c98960eb27a 90876 libdevel optional libvncserver-config_0.9.9+dfsg2-6.1+deb8u5_amd64.deb bc54e13b2526458d366d465a108e3e58 183598 debug extra libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb edfcc834029dd9dd3679fb6a187c1b05 383944 debug extra libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u5_amd64.deb f36cdbe92d7a6a31ebb2ebe21f89916b 86926 net optional linuxvnc_0.9.9+dfsg2-6.1+deb8u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxS8L4ACgkQnUbEiOQ2 gwJm4Q//eS+Dnljh5UbtnNa7s0KFwnJLePKaJL/iLhSjxis84RTkHST1BF1AEBof Xg/WRbGF1jr7492bFwx+OyNUEtFpAJdOqXeMUqGvNbrcm0Y+yTTFJBvDAmW+oduB 67mcXEvehRzQ/qqWefr1G5UYpL3I5LZK/sPPjacGMMnCQGiyf1PRy7/rXGneeZqX m/lIw0jQz9NENlDh5YBXSmiJYolz8l6yMpwamw3cN6WT37IUyORxpMmO8u2xPp2Q DBPSe2Twwa+NhT3ljwjMIaxjnL/sBrNbXvpuGEYRLzWpB5t7LKuYLkZFmmhJpSa8 Q7QOI/OJXTWvcw63SktbVM6/1ehP2SUyd/dWhjqUd8OAPdNITe9dzYWCdDXaKwPY R63f1FgS+hA7TvoCrVZ99ly6AEDQ+iVXeVTcbx8gtphG/goYeqUJRSmJdMVnHUtM T0PXQjIvgNMDaBWXWnnhd5RtbXRU9enVxV7bavQCW6spelje/XNzzky7cBHCNmPh FvH5Ru3e7/fZal+0jUxSR2D1KG8EvkCr1g78lSS/sEh8EoeT1V2a9kMBlQw0Y2Oj F3qQSgyah1tKnp/IWmJfF3arYne6ee4aN6rYHepl4tqoBasA7j/ubFqkEhjGqsA9 06kTvaluR+7hUb0kffRva9TbS/TCBC9caQnHVRaBsAGHyttIQ9s= =qI2S -----END PGP SIGNATURE-----