Accepted libvncserver 0.9.11+dfsg-1.2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 02 Jan 2019 16:26:53 +0100
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config libvncclient1-dbg libvncserver1-dbg
Architecture: source
Version: 0.9.11+dfsg-1.2
Distribution: unstable
Urgency: high
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 916941
Description:
libvncclient1 - API to write one's own VNC server - client library
libvncclient1-dbg - debugging symbols for libvncclient
libvncserver-config - API to write one's own VNC server - library utility
libvncserver-dev - API to write one's own VNC server - development files
libvncserver1 - API to write one's own VNC server
libvncserver1-dbg - debugging symbols for libvncserver
Changes:
 libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix multiple security vulnerabilities (Closes: #916941)
     - Use-after-free in file transfer extension allows for potential
       code execution (CVE-2018-15126)
     - Heap out-of-bounds write in
       rfbserver.c:rfbProcessFileTransferReadBuffer() allows for
       potential code execution (CVE-2018-15127)
     - Multiple heap out-of-bound writes in VNC client code
       (CVE-2018-20019)
     - Heap out-of-bound write inside structure in VNC client code allows
       for potential code execution (CVE-2018-20020)
     - Infinite loop in VNC client code allows for denial of service
       (CVE-2018-20021)
     - Improper initialization in VNC client code allows for information
       disclosure (CVE-2018-20022)
     - Improper initialization in VNC Repeater client code allows for
       information disclosure (CVE-2018-20023)
     - NULL pointer dereference in VNC client code allows for denial of
       service (CVE-2018-20024)
     - Use-after-free in file transfer extension server code allows for
       potential code execution (CVE-2018-6307)
   * Update symbols file for libvncserver1.
     The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and
     introduces new CloseUndoneFileDownload and CloseUndoneFileUpload.
Checksums-Sha1:
3ec5f78c38f20fe884ffe8d29a223e2ff7534b1b 2561 libvncserver_0.9.11+dfsg-1.2.dsc
a94f5d6d8881a16617919e8bd1e57e104fb209cc 19128 libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Checksums-Sha256:
cbd1a4cd125472bb4290e923585a2a4f089bd449337066ccca587a7913f19fd6 2561 libvncserver_0.9.11+dfsg-1.2.dsc
18305a97f5985650e3da106374342a021cff20af15d370db068e2b67e086bf79 19128 libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Files:
bac2a495a871848aeeafce41664fba94 2561 libs optional libvncserver_0.9.11+dfsg-1.2.dsc
e00d64f7c66117d9792a1a446851dfa6 19128 libs optional libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----