desktop-packages team mailing list archive
Message #86920
[Bug 1399584] Re: Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)
This bug was fixed in the package libvncserver - 0.9.9+dfsg-6.1
Sponsored for LocutusOfBorg (costamagnagianfranco)
---------------
libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
    Multiple issues in libVNCserver -- cherry picking targeted fixes from
    upstream (Closes: #762745)

 -- Tobias Frost <tobi@xxxxxxxxxx> Sun, 23 Nov 2014 16:19:53 +0100
** Changed in: libvncserver (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6051
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6052
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6053
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6054
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6055
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libvncserver in Ubuntu.
https://bugs.launchpad.net/bugs/1399584
Title:
Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)
Status in libvncserver package in Ubuntu:
Fix Released
Bug description:
Please sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable
(main)
Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow and lack of malloc error handling in
    MallocFrameBuffer()
    - debian/patches/CVE-2014-6051-6052.patch: check size and handle
      return code in libvncclient/vncviewer.c, handle return code in
      libvncclient/rfbproto.c.
    - CVE-2014-6051
    - CVE-2014-6052
  * SECURITY UPDATE: denial of service via large ClientCutText message
    - debian/patches/CVE-2014-6053.patch: check malloc result in
      libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: denial of service via zero scaling factor
    - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
      libvncserver/rfbserver.c, check for integer overflow in
      libvncserver/scale.c.
    - CVE-2014-6054
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflows in File Transfer feature
    - debian/patches/CVE-2014-6055.patch: check sizes in
      libvncserver/rfbserver.c.
    - CVE-2014-6055
Debian fixed them too
Changelog entries since current vivid version 0.9.9+dfsg-6ubuntu1:
libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
    Multiple issues in libVNCserver -- cherry picking targeted fixes from
    upstream (Closes: #762745)

 -- Tobias Frost <tobi@xxxxxxxxxx> Sun, 23 Nov 2014 16:19:53 +0100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvncserver/+bug/1399584/+subscriptions
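
The first changelog item above (CVE-2014-6051, CVE-2014-6052) concerns an integer overflow and unhandled malloc failure when sizing a frame buffer. As an added illustration, not code from libvncserver or from the Debian/Ubuntu patches, this C sketch contrasts an unchecked size computation with a checked allocator that returns a status; the struct, function names and the 256 MiB cap are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this sketch; not a value from the page. */
#define FB_MAX_BYTES (256u * 1024u * 1024u)

/* Hypothetical client state; the geometry comes from the remote peer. */
struct fb_client {
    uint16_t width, height;
    uint8_t  bits_per_pixel;
    uint8_t *frame_buffer;
    size_t   frame_buffer_len;
};

/* Unchecked pattern: 32-bit arithmetic wraps, so the size handed to
 * malloc() can be far smaller than what later writes assume. */
static uint32_t unchecked_size(const struct fb_client *c)
{
    return (uint32_t)c->width * c->height * (c->bits_per_pixel / 8u);
}

/* Checked pattern: widen to 64 bits, bound the size, report failure. */
static bool alloc_frame_buffer(struct fb_client *c)
{
    uint64_t size = (uint64_t)c->width * c->height * (c->bits_per_pixel / 8u);

    free(c->frame_buffer);
    c->frame_buffer = NULL;
    c->frame_buffer_len = 0;
    if (size == 0 || size > FB_MAX_BYTES)
        return false;               /* zero or implausible geometry */
    c->frame_buffer = malloc((size_t)size);
    if (c->frame_buffer == NULL)
        return false;               /* caller must stop, not keep decoding */
    c->frame_buffer_len = (size_t)size;
    return true;
}

int main(void)
{
    struct fb_client c = { 32769, 32768, 32, NULL, 0 };  /* constructed input */

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(&c));
    if (!alloc_frame_buffer(&c))
        puts("checked: geometry rejected, connection should be dropped");
    return 0;
}
```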