Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9.1
Distribution: unstable
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9.1) unstable; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server
     ClientCutText message.
   * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
     vulnerability inside structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c
     was not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see
     CVE-2018-20748/libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
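
Several entries above (CVE-2014-6053, CVE-2019-15678, CVE-2019-15679) come down to the same check: validate a peer-supplied length before allocating, and check the allocation. The following is an added example, not the TightVNC or Debian patch code; read_counted_string, MAX_STRING_LEN, the STR_* codes and the sample messages are hypothetical, and it parses from an in-memory buffer instead of a socket.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STRING_LEN (1024u * 1024u)  /* the 1MB cap named in the changelog */
enum { STR_OK = 0, STR_TRUNCATED = -1, STR_TOO_LONG = -2, STR_NOMEM = -3 };

/* Hypothetical helper: parse a 4-byte big-endian length followed by that many
 * bytes (the layout RFB uses for the desktop name and for cut text).
 * On STR_OK, *out is a NUL-terminated copy that the caller frees. */
static int read_counted_string(const uint8_t *buf, size_t buflen, char **out)
{
    uint32_t len;
    char *s;
    *out = NULL;
    if (buflen < 4)
        return STR_TRUNCATED;
    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
          ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    /* Reject the peer-supplied length before it reaches malloc(). Without a
     * cap, a length such as 0xffffffff can make a 32-bit len + 1 wrap to 0. */
    if (len > MAX_STRING_LEN)
        return STR_TOO_LONG;
    if (buflen - 4 < len)           /* fewer payload bytes than announced */
        return STR_TRUNCATED;
    s = malloc((size_t)len + 1);
    if (s == NULL)                  /* the unchecked malloc() case */
        return STR_NOMEM;
    memcpy(s, buf + 4, len);
    s[len] = '\0';                  /* never hand back unterminated data */
    *out = s;
    return STR_OK;
}

/* Constructed sample messages, not captured traffic. */
static const uint8_t msg_ok[]    = { 0, 0, 0, 4, 'd', 'e', 's', 'k' };
static const uint8_t msg_huge[]  = { 0xff, 0xff, 0xff, 0xff, 'x' };
static const uint8_t msg_short[] = { 0, 0, 0, 9, 'a', 'b' };

int main(void)
{
    char *s;
    int ok = read_counted_string(msg_ok, sizeof msg_ok, &s) == STR_OK;
    free(s);
    ok = ok && read_counted_string(msg_huge, sizeof msg_huge, &s) == STR_TOO_LONG;
    ok = ok && read_counted_string(msg_short, sizeof msg_short, &s) == STR_TRUNCATED;
    return ok ? 0 : 1;
}
```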