Back to tightvnc PTS page

Accepted tightvnc 1:1.3.9-9+deb10u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted tightvnc 1:1.3.9-9+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
From: Mike Gabriel <sunweaver@debian.org>
Date: Sun, 29 Dec 2019 11:47:19 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ilX2V-000FTB-4u@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9+deb10u1) buster; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure
     in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
Checksums-Sha1:
 6bddd686d68b91a81f1bde2893c1dcdd4def8837 2035 tightvnc_1.3.9-9+deb10u1.dsc
 beacc2670ec9f0ac02c9475f05ded9df48dbe48d 56508 tightvnc_1.3.9-9+deb10u1.debian.tar.xz
 f16963ce2316c3efc78b523dcc2142fb96244262 8106 tightvnc_1.3.9-9+deb10u1_source.buildinfo
Checksums-Sha256:
 80b3f3e01e32a3131a8f367517250eca84870094ba81f0ad22851b14e273fcf4 2035 tightvnc_1.3.9-9+deb10u1.dsc
 bfffa6d39caea23e7f87c8cc6f527cb42e5ce4040685e3ba8240193efc502f31 56508 tightvnc_1.3.9-9+deb10u1.debian.tar.xz
 e82eb368b3d42c0cbf67ed1399b76caf6c7c95de355d1eec1e738eb36acec4e6 8106 tightvnc_1.3.9-9+deb10u1_source.buildinfo
Files:
 7d7aa549b132d974974aa3d4829e6a76 2035 x11 optional tightvnc_1.3.9-9+deb10u1.dsc
 0c3c6da8f7d2df44abc5564a2be8221e 56508 x11 optional tightvnc_1.3.9-9+deb10u1.debian.tar.xz
 50c07865c7ce63258fb436f5fcf06037 8106 x11 optional tightvnc_1.3.9-9+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl4A5EMVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxXksQAJOwX62PNe7We+ZvDnAReFhn3PJD
ZpmJ4MOZVceO12O+gAGeNhsJITyBBV/hBWd4ioAjcutnWI7HWx0u36I13FBXFjqI
IfcAnkBiuN71kke0BueCeUBUjdFSQDmOukZ9QV+76bcjA60mGskeKYvxTtWYGo8B
/4LxUaYY/lurcaotQcGCmFWe1V6AjkMKiiIQYQRCN3/IUMJTOLahn6/GH86qlfXk
TzMuX40RUZH2hQVAId7MUt0I+QbQb1T6j5nPv8KA6T6d6KbPT8l/RBproXaXZ5OC
ZOLQnFS+gV16Jsbb9aQNEAS8q7XN5JIVk+tzEIw3i+BVIGHXQe0AzQGQ7qRp0Y1Q
YrCNb0WY8va5Y2fZcR/98xpVwwJKxUm6+pzIheTpJeJ2yXG0QMX12keFV6SgO5+J
0ktFUdndDxFzQ761S7BBDjvomju0SerNjHL3z+QEislbmkkvF4LJwGB8x+JpeXDO
UmP3aim98daU06rokCceOyM9DlI+o1S4mLExni7YHyGL6Om/gfGlyi6GLZXMEFQH
cAjrniPPecMvXm9qupbXwApS3dMnK06PUy7V2RlXT/BIFDgOkXpNXgcM+3aolWl+
axuWg5ubyOc3NvWy+YqKbPpTvp40Ju/MeydzvtjuWrX7gPuLiKHIVIoISQqAl52v
Lb9B6OnZ2KBoZ18c
=GEWx
-----END PGP SIGNATURE-----