Back to tightvnc PTS page

Accepted tightvnc 1:1.3.9-9.1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted tightvnc 1:1.3.9-9.1 (source) into unstable
From: Mike Gabriel <sunweaver@debian.org>
Date: Sun, 22 Dec 2019 22:35:07 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ij9oZ-000Iij-1o@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9.1
Distribution: unstable
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9.1) unstable; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
     vulnerability inside structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
Checksums-Sha1:
 7d85d4e168832ffc48199f25e5235e16caba9866 2011 tightvnc_1.3.9-9.1.dsc
 6ccf44dcf37eb0319ea6498a47ce3fd308605d18 56508 tightvnc_1.3.9-9.1.debian.tar.xz
 fa4a020c65eb741772a663792c9dad435fb9aceb 8082 tightvnc_1.3.9-9.1_source.buildinfo
Checksums-Sha256:
 6b4e5a12d35bacfdf2b76bff80bab9a42421aa007cc8d7f69da758ac449993fe 2011 tightvnc_1.3.9-9.1.dsc
 272c910d055ab3c8297bda3d11911909e43592458e19d469386a23fa0a6a0c01 56508 tightvnc_1.3.9-9.1.debian.tar.xz
 934c4ae1ee03196fccab103844ae98b2e7944348f3c43482c33a95fb6c5cabb1 8082 tightvnc_1.3.9-9.1_source.buildinfo
Files:
 76450de1cdd1ee6c6952405d2dfa29fe 2011 x11 optional tightvnc_1.3.9-9.1.dsc
 d2a08f32adde4299ec1fe91f45a96272 56508 x11 optional tightvnc_1.3.9-9.1.debian.tar.xz
 616ed24352802d4cdba45b7a29951d72 8082 x11 optional tightvnc_1.3.9-9.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3+W/kVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxtY4P/21463Et+wNIQ+JwOF3BBYJ/ulaQ
jr/grM9K3n5B6W8ukb+TTnYgCWU/kQwQH3LzPZ2FUUmw+oZq/mzt3XS8iIWcrhpK
/DLlO/NpxVuP0i3C9DCF7C5gbLGsrwou8ksddHCXgU1KDz2eZKLINDpY9avuOVh2
IUt+qDcxbgOpQF41DNhn+nAcMRIoI2OOaUTvWnK28v5owSCQ7ptBMwNmu3BSpJjo
R0AOogA0YN+0VJAAVtn7vWxVJ0zaRDeG8pYki5A1q05l4FJpDhmDf3fzsz12VvJ8
7J3ySql+aen+/3zJn48Lk0MUChfMJH5iwmjepoYQ6IYsLrOgRBXKestWRrIu4ClY
Bql/ckHAResExW52/RBLQIequyeGcAAP7rgf97UPywwaA94/QO+qXrYoyekyLdgU
DRaUdeBgKDC9vku1nXad4vN73biITruMnSwOb6WDLTG5MbiZ5nwbRwcbP8FU9la3
twsMsBHeAgfA6h6P2omZup/eKpCu1ytLqYC74THD3TbYc5TypT6Us3KBY/6divSW
IySxsCMkbb7aTaaCyQKxh27pMInfp2sESGVQ9ymnQe0FrGf7KLZ6YieatATGX+/j
Znfnldfp1ee+VTAxmTPNt7E0mdNJBNM0mEJY7Ix24H+6zzUekOsWQjvhuYw7KkEn
FaH755yCVYErba4V
=8ySE
-----END PGP SIGNATURE-----