Accepted tightvnc 1:1.3.9-9+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9+deb10u1) buster; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure
     in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
Checksums-Sha1:
6bddd686d68b91a81f1bde2893c1dcdd4def8837 2035 tightvnc_1.3.9-9+deb10u1.dsc
beacc2670ec9f0ac02c9475f05ded9df48dbe48d 56508 tightvnc_1.3.9-9+deb10u1.debian.tar.xz
f16963ce2316c3efc78b523dcc2142fb96244262 8106 tightvnc_1.3.9-9+deb10u1_source.buildinfo
Checksums-Sha256:
80b3f3e01e32a3131a8f367517250eca84870094ba81f0ad22851b14e273fcf4 2035 tightvnc_1.3.9-9+deb10u1.dsc
bfffa6d39caea23e7f87c8cc6f527cb42e5ce4040685e3ba8240193efc502f31 56508 tightvnc_1.3.9-9+deb10u1.debian.tar.xz
e82eb368b3d42c0cbf67ed1399b76caf6c7c95de355d1eec1e738eb36acec4e6 8106 tightvnc_1.3.9-9+deb10u1_source.buildinfo
Files:
7d7aa549b132d974974aa3d4829e6a76 2035 x11 optional tightvnc_1.3.9-9+deb10u1.dsc
0c3c6da8f7d2df44abc5564a2be8221e 56508 x11 optional tightvnc_1.3.9-9+deb10u1.debian.tar.xz
50c07865c7ce63258fb436f5fcf06037 8106 x11 optional tightvnc_1.3.9-9+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----