Accepted tightvnc 1:1.3.9-9+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Dec 2019 10:35:50 +0100
Source: tightvnc
Architecture: source
Version: 1:1.3.9-9+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 945364
Changes:
 tightvnc (1:1.3.9-9+deb9u1) stretch; urgency=medium
 .
   * Security upload. (Closes: #945364).
   * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
     message.
   * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
     vulnerability inside structure in VNC client code.
   * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
   * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
   * CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized.
   * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
   * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
     server-sent reason strings longer than 1MB (see CVE-2018-20748/
     libvncserver).
   * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
     length received before allocating memory for it and limit it to 1MB.
   * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
Checksums-Sha1:
 ad5e09609a4e6cf94aa285a1e8530454cfb82b04 2031 tightvnc_1.3.9-9+deb9u1.dsc
 ab3fc2db4673aa89ad6c9cddbfcb269f3a2c51fd 56520 tightvnc_1.3.9-9+deb9u1.debian.tar.xz
 aea1bdbbf93b0b142aa3c1c293b0df8586ba06c1 8102 tightvnc_1.3.9-9+deb9u1_source.buildinfo
Checksums-Sha256:
 0fee71179202c93094b8619a86647549218be2a70821ec2b71305cf9176b5a1a 2031 tightvnc_1.3.9-9+deb9u1.dsc
 f9bfda27ecac0a8850132a1d644b6a5cdb63d57b994c09c8ce8d7d0a75378e44 56520 tightvnc_1.3.9-9+deb9u1.debian.tar.xz
 da0e2ceb522c334c42db1706945b046ff0816724436770f645e068bb6a7db71f 8102 tightvnc_1.3.9-9+deb9u1_source.buildinfo
Files:
 204c56026b3310d604206ea8956d04d1 2031 x11 optional tightvnc_1.3.9-9+deb9u1.dsc
 2c36a76f7618aeeb9ca2240201f10fd6 56520 x11 optional tightvnc_1.3.9-9+deb9u1.debian.tar.xz
 fbdfeb2f9d082e0422094618afbf3ed3 8102 x11 optional tightvnc_1.3.9-9+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----