-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9+deb9u1) stretch; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server
     ClientCutText message.
   * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
     vulnerability inside structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c
     was not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than
     1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.