Format: 1.8
Date: Thu, 28 Nov 2019 08:49:18 +0100
Source: italc
Architecture: source
Version: 1:3.0.3+dfsg1-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Changes:
 italc (1:3.0.3+dfsg1-1+deb9u1) stretch; urgency=medium
 .
   * Porting of libvncserver+libvncclient security patches:
     - CVE-2018-7225: Uninitialized and potentially sensitive data could be
       accessed by remote attackers because the msg.cct.length in rfbserver.c
       was not sanitized.
     - CVE-2018-15127: heap out-of-bound write vulnerability.
     - CVE-2018-20019: multiple heap out-of-bound write vulnerabilities.
     - CVE-2018-20020: heap out-of-bound write vulnerability inside structure
       in VNC client code.
     - CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
     - CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
     - CVE-2018-20023: Improper Initialization vulnerability in VNC Repeater
       client code.
     - CVE-2018-20024: null pointer dereference that can result in DoS.
     - CVE-2018-6307: heap use-after-free vulnerability in server code of
       file transfer extension.
     - CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
     - CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
     - CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
     - CVE-2018-15126: heap use-after-free resulting in possible RCE.
     - CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
   * debian/control:
     + Update Vcs-*: fields. Package has been migrated to salsa.debian.org.