Accepted tightvnc 1.3.9-6.5+deb8u1 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 20 Dec 2019 16:04:53 +0100
Source: tightvnc
Binary: tightvncserver xtightvncviewer
Architecture: source amd64
Version: 1.3.9-6.5+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 tightvncserver - virtual network computing server software
 xtightvncviewer - virtual network computing client software for X
Changes:
 tightvnc (1.3.9-6.5+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure
     in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see
     CVE-2018-20748/libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
   * Cherry-pick 782620-crashfix.patch from newer tightvnc src:pkg.
     Fixes segfault on amd64 systems when e.g. KDEPIM is being used inside
     an Xvnc session.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----