tightvnc 1:1.3.9-9.1 source package in Debian

Changelog

tightvnc (1:1.3.9-9.1) unstable; urgency=medium

  * Security upload. (Closes: #945364).
  * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
    message.
  * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
    vulnerability inside structure in VNC client code.
  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
  * CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized.
  * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
  * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
    server-sent reason strings longer than 1MB (see CVE-2018-20748/
    libvncserver).
  * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
    length received before allocating memory for it and limit it to 1MB.
  * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.

 -- Mike Gabriel <email address hidden>  Sat, 21 Dec 2019 10:35:50 +0100

Upload details

Uploaded by: Ola Lundqvist
Uploaded to: Sid
Original maintainer: Ola Lundqvist
Architectures: any
Section: x11
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
tightvnc_1.3.9-9.1.dsc 2.0 KiB 6b4e5a12d35bacfdf2b76bff80bab9a42421aa007cc8d7f69da758ac449993fe
tightvnc_1.3.9.orig.tar.gz 2.1 MiB 56062708bb547425f8e8f0f9c571d4fa06fcc89a11146a5b15c608fd8debdb80
tightvnc_1.3.9-9.1.debian.tar.xz 55.2 KiB 272c910d055ab3c8297bda3d11911909e43592458e19d469386a23fa0a6a0c01

No changes file available.