Accepted tightvnc 1:1.3.9-9.1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9.1
Distribution: unstable
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9.1) unstable; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
     vulnerability inside structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
Checksums-Sha1:
7d85d4e168832ffc48199f25e5235e16caba9866 2011 tightvnc_1.3.9-9.1.dsc
6ccf44dcf37eb0319ea6498a47ce3fd308605d18 56508 tightvnc_1.3.9-9.1.debian.tar.xz
fa4a020c65eb741772a663792c9dad435fb9aceb 8082 tightvnc_1.3.9-9.1_source.buildinfo
Checksums-Sha256:
6b4e5a12d35bacfdf2b76bff80bab9a42421aa007cc8d7f69da758ac449993fe 2011 tightvnc_1.3.9-9.1.dsc
272c910d055ab3c8297bda3d11911909e43592458e19d469386a23fa0a6a0c01 56508 tightvnc_1.3.9-9.1.debian.tar.xz
934c4ae1ee03196fccab103844ae98b2e7944348f3c43482c33a95fb6c5cabb1 8082 tightvnc_1.3.9-9.1_source.buildinfo
Files:
76450de1cdd1ee6c6952405d2dfa29fe 2011 x11 optional tightvnc_1.3.9-9.1.dsc
d2a08f32adde4299ec1fe91f45a96272 56508 x11 optional tightvnc_1.3.9-9.1.debian.tar.xz
616ed24352802d4cdba45b7a29951d72 8082 x11 optional tightvnc_1.3.9-9.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----