-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Aug 2020 23:40:37 +0200
Source: libvncserver
Architecture: source
Version: 0.9.11+dfsg-1.3+deb10u4
Distribution: buster
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Changes:
 libvncserver (0.9.11+dfsg-1.3+deb10u4) buster; urgency=medium
 .
   * CVE-2019-20839: libvncclient: bail out if unix socket name would overflow.
   * CVE-2020-14397: libvncserver: add missing NULL pointer checks.
   * CVE-2020-14399: libvncclient: fix pointer aliasing/alignment issue.
   * CVE-2020-14400: libvncserver: fix pointer aliasing/alignment issue.
   * CVE-2020-14401: libvncserver: scale: cast to 64 bit before shifting.
   * CVE-2020-14402, CVE-2020-14403, CVE-2020-14404: libvncserver: encodings: prevent OOB accesses.
   * CVE-2020-14405: libvncclient/rfbproto: limit max textchat size.
Checksums-Sha1:
 5fa63383961f62a963f3d624c337b1a0b1e8afb2 2467 libvncserver_0.9.11+dfsg-1.3+deb10u4.dsc
 6cf193a832fb2e9e144f5c38bff79ddcc0c59ac9 26148 libvncserver_0.9.11+dfsg-1.3+deb10u4.debian.tar.xz
 98ca1b4744d46ae309ffd373bf0b0677e2022697 7348 libvncserver_0.9.11+dfsg-1.3+deb10u4_source.buildinfo
Checksums-Sha256:
 9c041fc9ec0c988962887a156c936ee1dea6f5349e9b88da36c913abaf4e52ae 2467 libvncserver_0.9.11+dfsg-1.3+deb10u4.dsc
 dec5e960523e9aa7b5860549855ec107bb57d0959125396b9aa6f97ddc3de895 26148 libvncserver_0.9.11+dfsg-1.3+deb10u4.debian.tar.xz
 f135003d1127765fd2edd0801f0257a92717793416bd1a363ed8d273ac9ee526 7348 libvncserver_0.9.11+dfsg-1.3+deb10u4_source.buildinfo
Files:
 4c83af7e2b592913fdca2aaf94361809 2467 libs optional libvncserver_0.9.11+dfsg-1.3+deb10u4.dsc
 ef6fb66263216a8ae6d97fae1a10baa8 26148 libs optional libvncserver_0.9.11+dfsg-1.3+deb10u4.debian.tar.xz
 a5f8cb92fb75e19e2a66468221180156 7348 libs optional libvncserver_0.9.11+dfsg-1.3+deb10u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----