Format: 1.8
Date: Mon, 29 Jun 2020 16:43:17 +0200
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg2-6.1+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libvncclient0 - API to write one's own vnc server - client library
 libvncclient0-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc - VNC server to allow remote access to a tty
Changes:
 libvncserver (0.9.9+dfsg2-6.1+deb8u8) jessie-security; urgency=medium
 .
   * debian/patches:
     + Add CVE-2019-20839.patch. libvncclient: bail out if unix socket name
       would overflow (CVE-2019-20839).
     + Add CVE-2020-14397.patch. libvncserver: add missing NULL pointer checks
       (CVE-2020-14397).
     + Add CVE-2020-14399.patch. libvncclient: fix pointer aliasing/alignment
       issue (CVE-2020-14399).
     + Add CVE-2020-14400.patch. libvncserver: fix pointer aliasing/alignment
       issue (CVE-2020-14400).
     + Add CVE-2020-14401.patch. libvncserver: scale: cast to 64 bit before
       shifting (CVE-2020-14401).
     + Add CVE-2020-14402+14403,14404}.patch. libvncserver: encodings: prevent
       OOB accesses (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404).
     + Add CVE-2020-14405.patch. libvncclient/rfbproto: limit max textchat size
       (CVE-2020-14405).