Accepted tightvnc 1.3.9-6.5+deb8u1 (source amd64) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 20 Dec 2019 16:04:53 +0100
Source: tightvnc
Binary: tightvncserver xtightvncviewer
Architecture: source amd64
Version: 1.3.9-6.5+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 tightvncserver - virtual network computing server software
 xtightvncviewer - virtual network computing client software for X
Changes:
 tightvnc (1.3.9-6.5+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure
     in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see
     CVE-2018-20748/libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
   * Cherry-pick 782620-crashfix.patch from newer tightvnc src:pkg.
     Fixes segfault on amd64 systems when e.g. KDEPIM is being used inside
     an Xvnc session.
Checksums-Sha1:
 d2bcf9b9a7294547f8d67e2b20f009d1de93c7c3 2037 tightvnc_1.3.9-6.5+deb8u1.dsc
 0b21a60e060602e225b176695c1ddd787f007ed2 2246697 tightvnc_1.3.9.orig.tar.gz
 d53fd4dce5140b75258a176782b1c8339446fa11 55568 tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz
 8f23492f13b0eda65242e08e75181199f1c7767d 661368 tightvncserver_1.3.9-6.5+deb8u1_amd64.deb
 154443c99984afa21337b7255a8aa5e392b3814e 88346 xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb
Checksums-Sha256:
 233b0d228df753aba61fea571e7ec44d7f9a4b517c9ee05952236fc623ffbfce 2037 tightvnc_1.3.9-6.5+deb8u1.dsc
 56062708bb547425f8e8f0f9c571d4fa06fcc89a11146a5b15c608fd8debdb80 2246697 tightvnc_1.3.9.orig.tar.gz
 94de3481d6a3db67571e9883229a91b875bb7c40b60a992c325b63abf8563f1f 55568 tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz
 22480ce862b66d0f8db540b6a0a90570f621f39e828cab3c4510a01b4627d4b5 661368 tightvncserver_1.3.9-6.5+deb8u1_amd64.deb
 0aa98dcaec9712e41b898a4a04257413d8a8babf27fe47ba9f890361d66d8c77 88346 xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb
Files:
 59f805137181dbc42d860f42a4fbc6f8 2037 x11 optional tightvnc_1.3.9-6.5+deb8u1.dsc
 80b904d4a10fccee9045d0feeaa65df8 2246697 x11 optional tightvnc_1.3.9.orig.tar.gz
 c8c4cf5d11e1d1aaa106867d2457c923 55568 x11 optional tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz
 9a28986b026246a1d2b86412fe603acc 661368 x11 optional tightvncserver_1.3.9-6.5+deb8u1_amd64.deb
 a06f5a3d6efa6fc80c4dc1f6e76d9960 88346 x11 optional xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----