← Back to team overview

desktop-packages team mailing list archive

[Bug 1399584] Re: Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)

 

This bug was fixed in the package libvncserver - 0.9.9+dfsg-6.1
Sponsored for LocutusOfBorg (costamagnagianfranco)

---------------
libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
    Multiple issues in libVNCserver -- cherry picking targeted fixed from
    upstream (Closes: #762745)

 -- Tobias Frost <tobi@xxxxxxxxxx>  Sun, 23 Nov 2014 16:19:53 +0100

** Changed in: libvncserver (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6051

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6052

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6053

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6054

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6055

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libvncserver in Ubuntu.
https://bugs.launchpad.net/bugs/1399584

Title:
  Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)

Status in libvncserver package in Ubuntu:
  Fix Released

Bug description:
  Please sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable
  (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: denial of service and possible code execution via
      integer overflow and lack of malloc error handling in
      MallocFrameBuffer()
      - debian/patches/CVE-2014-6051-6052.patch: check size and handle
        return code in libvncclient/vncviewer.c, handle return code in
        libvncclient/rfbproto.c.
      - CVE-2014-6051
      - CVE-2014-6052
    * SECURITY UPDATE: denial of service via large ClientCutText message
      - debian/patches/CVE-2014-6053.patch: check malloc result in
        libvncserver/rfbserver.c.
      - CVE-2014-6053
    * SECURITY UPDATE: denial of service via zero scaling factor
      - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
        libvncserver/rfbserver.c, check for integer overflow in
        libvncserver/scale.c.
      - CVE-2014-6054
    * SECURITY UPDATE: denial of service and possible code execution via
      stack overflows in File Transfer feature
      - debian/patches/CVE-2014-6055.patch: check sizes in
        libvncserver/rfbserver.c.
      - CVE-2014-6055
    * SECURITY UPDATE: denial of service and possible code execution via
      integer overflow and lack of malloc error handling in
      MallocFrameBuffer()
      - debian/patches/CVE-2014-6051-6052.patch: check size and handle
        return code in libvncclient/vncviewer.c, handle return code in
        libvncclient/rfbproto.c.
      - CVE-2014-6051
      - CVE-2014-6052
    * SECURITY UPDATE: denial of service via large ClientCutText message
      - debian/patches/CVE-2014-6053.patch: check malloc result in
        libvncserver/rfbserver.c.
      - CVE-2014-6053
    * SECURITY UPDATE: denial of service via zero scaling factor
      - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
        libvncserver/rfbserver.c, check for integer overflow in
        libvncserver/scale.c.
      - CVE-2014-6054
    * SECURITY UPDATE: denial of service and possible code execution via
      stack overflows in File Transfer feature
      - debian/patches/CVE-2014-6055.patch: check sizes in
        libvncserver/rfbserver.c.
      - CVE-2014-6055

  Debian fixed them too

  Changelog entries since current vivid version 0.9.9+dfsg-6ubuntu1:

  libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

    * Non-maintainer upload.
    * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
      Multiple issues in libVNCserver -- cherry picking targeted fixed from
      upstream (Closes: #762745)

   -- Tobias Frost <tobi@xxxxxxxxxx>  Sun, 23 Nov 2014 16:19:53 +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvncserver/+bug/1399584/+subscriptions


References