Change logs for libvncserver source package in Trusty

  • libvncserver (0.9.9+dfsg-1ubuntu1.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Multiple security issues
        - debian/patches/CVE-2018-*.patch: add upstream commits to fix
          multiple security issues.
        - CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019,
          CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
          CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750
    
     -- Marc Deslauriers <email address hidden>  Wed, 30 Jan 2019 14:00:33 -0500
  • libvncserver (0.9.9+dfsg-1ubuntu1.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: integer overflow or memory access
        - debian/patches/CVE-2018-7225.patch: limit client cut text length to
          1 MB in libvncserver/rfbserver.c.
        - CVE-2018-7225
    
     -- Marc Deslauriers <email address hidden>  Fri, 30 Mar 2018 10:46:20 -0400
  • libvncserver (0.9.9+dfsg-1ubuntu1.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: heap overflows in rectangle fill functions
        - debian/patches/CVE-2016-9941.patch: add bounds checking to
          libvncclient/rfbproto.c.
        - CVE-2016-9941
      * SECURITY UPDATE: heap overflow in Ultra type tile decoder
        - debian/patches/CVE-2016-9942.patch: use _safe variant in
          libvncclient/ultra.c.
        - CVE-2016-9942
    
     -- Marc Deslauriers <email address hidden>  Fri, 06 Jan 2017 07:57:31 -0500
  • libvncserver (0.9.9+dfsg-1ubuntu1.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible code execution via
        integer overflow and lack of malloc error handling in
        MallocFrameBuffer()
        - debian/patches/CVE-2014-6051-6052.patch: check size and handle
          return code in libvncclient/vncviewer.c, handle return code in
          libvncclient/rfbproto.c.
        - CVE-2014-6051
        - CVE-2014-6052
      * SECURITY UPDATE: denial of service via large ClientCutText message
        - debian/patches/CVE-2014-6053.patch: check malloc result in
          libvncserver/rfbserver.c.
        - CVE-2014-6053
      * SECURITY UPDATE: denial of service via zero scaling factor
        - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
          libvncserver/rfbserver.c, check for integer overflow in
          libvncserver/scale.c.
        - CVE-2014-6054
      * SECURITY UPDATE: denial of service and possible code execution via
        stack overflows in File Transfer feature
        - debian/patches/CVE-2014-6055.patch: check sizes in
          libvncserver/rfbserver.c.
        - CVE-2014-6055
    
     -- Marc Deslauriers <email address hidden>  Thu, 25 Sep 2014 11:40:15 -0400
  • libvncserver (0.9.9+dfsg-1ubuntu1) trusty; urgency=medium
    
      * Patch acinclude.m4 for ppc64el.
      * Fix build failure with -Wformat-security.
      * Enable verbose build.
    
     -- Matthias Klose <email address hidden>  Sun, 22 Dec 2013 12:56:20 +0100
  • libvncserver (0.9.9+dfsg-1) unstable; urgency=low
    
      * New upstream release.
      * Patches refreshed for the new upstream version.
      * Multi-arch support (Closes: #664883).
      * debian/patches/format_string.patch:
        - Use format string argument with fprintf.
      * debian/patches/02_linux_test.patch:
        - Removed, applied upstream.
      * debian/patches/04_rename_linuxvnc.patch:
        - Removed, applied upstream.
      * debian/patches/05_GnuTLS.patch:
        - Removed, applied upstream.
      * debian/compat:
        - Bump compatibility level to 9.
      * debian/control:
        - Add libvncserver-config binary package, needed for Multi-arch.
        - Bump Standards-Version to 3.9.3.
      * debian/copyright:
        - Convert to DEP5 format.
      * debian/libvncserver-config.1:
        - Fix hyphen-used-as-minus-sign lintian warning.
      * debian/rules:
        - Implement a get-orig-source target to get rid of webclients
          directory, which contains Java classes without sources.
      * debian/watch:
        - Mangle "+dfsg" prefix from version number.
    
     -- Luca Falavigna <email address hidden>  Sat, 05 May 2012 23:45:15 +0200