Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9+deb10u1) buster; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server
     ClientCutText message.
   * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside
     structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c
     was not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.