Changelog
tightvnc (1:1.3.9-9+deb9u1) stretch; urgency=medium
* Security upload. (Closes: #945364).
* CVE-2014-6053: Check malloc() return value on client->server ClientCutText
message.
* CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
vulnerability inside structure in VNC client code.
* CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
* CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
* CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized.
* CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
* Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
server-sent reason strings longer than 1MB (see CVE-2018-20748/
libvncserver).
* CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
length received before allocating memory for it and limit it to 1MB.
* CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
* CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
-- Mike Gabriel <email address hidden> Sat, 21 Dec 2019 10:35:50 +0100