Register | Log in

libvncserver

Choose email to subscribe with

general

source: libvncserver (main)
version: 0.9.13+dfsg-1
maintainer: Debian Remote Maintainers (archive) (DMD)
uploaders: Mike Gabriel [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.9.9+dfsg2-6.1+deb8u3
o-o-sec: 0.9.9+dfsg2-6.1+deb8u8
oldstable: 0.9.11+dfsg-1.3~deb9u4
old-sec: 0.9.11+dfsg-1.3~deb9u1
stable: 0.9.11+dfsg-1.3+deb10u3
testing: 0.9.13+dfsg-1
unstable: 0.9.13+dfsg-1

versioned links

0.9.9+dfsg2-6.1+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.9+dfsg2-6.1+deb8u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.11+dfsg-1.3~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.11+dfsg-1.3~deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.11+dfsg-1.3+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.13+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libvncclient1
libvncserver-dev
libvncserver1

action needed

Multiarch hinter reports 1 issue(s) high

There are issues with the multiarch metadata for this package.

libvncserver-dev conflicts on /usr/include/rfb/rfbconfig.h on s390x <-> amd64, arm64, armel, and 5 more

Created: 2019-12-11 Last update: 2020-08-12 05:07

13 security issues in stretch high

There are 13 open security issues in stretch.

13 important issues:

CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2019-20840: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVE-2020-14396: An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
CVE-2020-14397: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14398: An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14399: ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
CVE-2020-14400: ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.
CVE-2020-14401: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14402: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVE-2020-14403: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVE-2020-14404: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVE-2020-14405: An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Please fix them.

Created: 2020-03-11 Last update: 2020-08-07 06:08

13 security issues in buster high

There are 13 open security issues in buster.

13 important issues:

CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2019-20840: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVE-2020-14396: An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
CVE-2020-14397: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14398: An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14399: ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
CVE-2020-14400: ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.
CVE-2020-14401: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14402: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVE-2020-14403: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVE-2020-14404: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVE-2020-14405: An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Please fix them.

Created: 2020-06-18 Last update: 2020-08-07 06:08

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:32

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-01-14 Last update: 2020-01-14 21:00

news

[2020-07-02] libvncserver 0.9.13+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-06-30] Accepted libvncserver 0.9.9+dfsg2-6.1+deb8u8 (source amd64) into oldoldstable (Mike Gabriel)
[2020-06-29] Accepted libvncserver 0.9.13+dfsg-1 (source) into unstable (Mike Gabriel)
[2020-04-09] Accepted libvncserver 0.9.11+dfsg-1.3~deb9u4 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-04-09] Accepted libvncserver 0.9.11+dfsg-1.3+deb10u3 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-04-02] libvncserver 0.9.12+dfsg-9 MIGRATED to testing (Debian testing watch)
[2020-03-31] Accepted libvncserver 0.9.12+dfsg-9 (source) into unstable (Antoni Villalonga) (signed by: Utkarsh Gupta)
[2020-03-17] Accepted libvncserver 0.9.9+dfsg2-6.1+deb8u7 (source amd64) into oldoldstable (Utkarsh Gupta)
[2020-02-04] libvncserver 0.9.12+dfsg-8 MIGRATED to testing (Debian testing watch)
[2020-02-01] Accepted libvncserver 0.9.12+dfsg-8 (source) into unstable (Mike Gabriel)
[2020-01-12] Accepted libvncserver 0.9.11+dfsg-1.3~deb9u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Mike Gabriel)
[2020-01-12] Accepted libvncserver 0.9.11+dfsg-1.3+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Mike Gabriel)
[2020-01-10] libvncserver 0.9.12+dfsg-7 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted libvncserver 0.9.12+dfsg-7 (source) into unstable (Mike Gabriel)
[2020-01-05] libvncserver 0.9.12+dfsg-6 MIGRATED to testing (Debian testing watch)
[2020-01-02] Accepted libvncserver 0.9.12+dfsg-6 (source) into unstable (Mike Gabriel)
[2019-12-21] Accepted libvncserver 0.9.11+dfsg-1.3~deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Mike Gabriel)
[2019-12-21] Accepted libvncserver 0.9.11+dfsg-1.3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Mike Gabriel)
[2019-12-20] libvncserver 0.9.12+dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-12-18] Accepted libvncserver 0.9.12+dfsg-5 (source) into unstable (Mike Gabriel)
[2019-12-11] Accepted libvncserver 0.9.12+dfsg-4 (source) into unstable (Mike Gabriel)
[2019-12-11] Accepted libvncserver 0.9.12+dfsg-3 (source) into unstable (Mike Gabriel)
[2019-11-29] Accepted libvncserver 0.9.12+dfsg-2 (source) into experimental (Mike Gabriel)
[2019-11-28] Accepted libvncserver 0.9.12+dfsg-1 (source) into experimental (Mike Gabriel)
[2019-10-30] Accepted libvncserver 0.9.9+dfsg2-6.1+deb8u6 (source amd64) into oldoldstable (Mike Gabriel)
[2019-02-04] Accepted libvncserver 0.9.11+dfsg-1.3~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2019-02-04] libvncserver 0.9.11+dfsg-1.3 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted libvncserver 0.9.11+dfsg-1.3~deb9u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2019-01-31] Accepted libvncserver 0.9.9+dfsg2-6.1+deb8u5 (source amd64) into oldstable (Emilio Pozuelo Monfort)
[2019-01-30] Accepted libvncserver 0.9.11+dfsg-1.3 (source) into unstable (Salvatore Bonaccorso)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.9.13+dfsg-1
3 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing