Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted italc 1:3.0.3+dfsg1-1+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Thu, 30 Jan 2020 21:17:31 +0000
Signed by: Mike Gabriel <sunweaver@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 28 Nov 2019 08:49:18 +0100
Source: italc
Architecture: source
Version: 1:3.0.3+dfsg1-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Changes:
 italc (1:3.0.3+dfsg1-1+deb9u1) stretch; urgency=medium
 .
   * Porting of libvncserver+libvncclient security patches:
     - CVE-2018-7225: Uninitialized and potentially sensitive data could be
       accessed by remote attackers because the msg.cct.length in rfbserver.c was
       not sanitized.
     - CVE-2018-15127: heap out-of-bound write vulnerability.
     - CVE-2018-20019: multiple heap out-of-bound write vulnerabilities.
     - CVE-2018-20020: heap out-of-bound write vulnerability inside structure
       in VNC client code.
     - CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
     - CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
     - CVE-2018-20023: Improper Initialization vulnerability in VNC Repeater
       client code.
     - CVE-2018-20024: null pointer dereference that can result DoS.
     - CVE-2018-6307: heap use-after-free vulnerability in server code of
       file transfer extension.
     - CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
     - CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
     - CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
     - CVE-2018-15126: heap use-after-free resulting in possible RCE.
     - CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
   * debian/control:
     + Update Vcs-*: fields. Package has been migrated to salsa.debian.org.
Checksums-Sha1:
 bfaa369426e49e28799d2b39a75e681752df0ff4 2577 italc_3.0.3+dfsg1-1+deb9u1.dsc
 6df65d6d90920c6478cfd54f3a4225e72afae9cd 75888 italc_3.0.3+dfsg1-1+deb9u1.debian.tar.xz
 3ecc82ea048fb8e9a3d787faa1d832db2ce960b8 14495 italc_3.0.3+dfsg1-1+deb9u1_source.buildinfo
Checksums-Sha256:
 e0491c26062670052d936e0228cb3d46da2015cc681de8774a3c7ca4cbd5513c 2577 italc_3.0.3+dfsg1-1+deb9u1.dsc
 7ef6c775dad24934f857bf6b4783007685cadf87cfbd4a9c21952c028ccb2d5a 75888 italc_3.0.3+dfsg1-1+deb9u1.debian.tar.xz
 b68ef29732b137f50d4e6a6806662c00e9d5096d261ac7926dfcc19ea3e9edca 14495 italc_3.0.3+dfsg1-1+deb9u1_source.buildinfo
Files:
 ea643149e0ff56e89976d3817b3196b6 2577 x11 optional italc_3.0.3+dfsg1-1+deb9u1.dsc
 659a39043108d0d6ddf49ac823a04d0b 75888 x11 optional italc_3.0.3+dfsg1-1+deb9u1.debian.tar.xz
 509faa9424993c0945233c24569c2574 14495 x11 optional italc_3.0.3+dfsg1-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl4zAPoVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxBBcP/iPYMZTZIxs8i+6knb9ES94i9T5M
2Ctbv7l13Zhh4tEpsD9nSQrmKQB3TaHam2xdBWhhrg9wi9niKB3Gj6szf/RVFyVU
hRb9d0QN3RGfF4VTuPsF2eJ035bGXEcETBSwLyJer7Ip771+tykyoZnvlEiQKv4I
vDVCfVbssoFSaDhkPYJv+sdrfFxk7Dh/IGg9Diy+4ukHzHW47yRQ4kiP+O+zDDkK
cyvgm8B6mvXijRsdCI+y/dMaEvSRsHKPKxToQKxdPJNGMTqa5z5uwTul0NjANd2E
DT+SOX7E5YximXPrmmKav11p/S/YODqeoXcAZrExLnL9ELqJcsN45Fy+wvmOJl4P
MNMaQMf+wvqLQHfGufEJpKqKMJjlm9rnJhZpIKynOU922HbNSGFgO6lvdwF0N4MX
2ODhB4IkCx54FHoi+iJnSndnwhksczhx2SClXLaamEyk+yuXvCb8wieh+PTgQrW0
/rXBrNRbFFdFrtyqwngmdLcGZQ7p0swSS8y/VSy320rIL1JJXsKoed0SIM0lWIWa
Z0B6psrm469H4jUU5PLtpG4sc7kxZT78hiXMjzPY8LwLNTaHxkyLHyvE83hpE1oY
TQQ0AKD2YSs6N0DIwOUFAtha2k2chZBDmxssBO3vvIv/IClPti5cTAB2haWIaQMq
5UIymq3aeBFJ96AK
=epge
-----END PGP SIGNATURE-----
News for package italc
