Debian
tightvnc package

tightvnc 1:1.3.9-9+deb10u1 source package in Debian

Changelog

tightvnc (1:1.3.9-9+deb10u1) buster; urgency=medium

  * Security upload. (Closes: #945364).
  * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
    message.
  * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure
    in VNC client code.
  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
  * CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized.
  * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
  * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
    server-sent reason strings longer than 1MB (see CVE-2018-20748/
    libvncserver).
  * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
    length received before allocating memory for it and limit it to 1MB.
  * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.

 -- Mike Gabriel <email address hidden>  Sat, 21 Dec 2019 10:35:50 +0100

Upload details

Uploaded by:
Ola Lundqvist
Uploaded to:
Buster
Original maintainer:
Ola Lundqvist
Architectures:
any
Section:
x11
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Buster release main x11

Builds

Downloads

File Size SHA-256 Checksum
tightvnc_1.3.9-9+deb10u1.dsc 2.0 KiB 80b3f3e01e32a3131a8f367517250eca84870094ba81f0ad22851b14e273fcf4
tightvnc_1.3.9.orig.tar.gz 2.1 MiB 56062708bb547425f8e8f0f9c571d4fa06fcc89a11146a5b15c608fd8debdb80
tightvnc_1.3.9-9+deb10u1.debian.tar.xz 55.2 KiB bfffa6d39caea23e7f87c8cc6f527cb42e5ce4040685e3ba8240193efc502f31

No changes file available.

Binary packages built by this source