[ubuntu/focal-security] vino 3.22.0-5ubuntu2.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Oct 7 12:37:14 UTC 2020

vino (3.22.0-5ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via unchecked malloc
    - debian/patches/CVE-2014-6053.patch: check malloc() return value in
    - CVE-2014-6053
  * SECURITY UPDATE: client cut length issue
    - debian/patches/CVE-2018-7225.patch: limit client cut text length to
      1 MB in server/libvncserver/rfbserver.c.
    - CVE-2018-7225
  * SECURITY UPDATE: information disclosure via memory leak
    - debian/patches/CVE-2019-15681.patch: don't leak stack memory to the
      remote in server/libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-14397.patch: add missing NULL pointer checks
      in server/libvncserver/rfbregion.c, server/libvncserver/rfbserver.c.
    - CVE-2020-14397
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-1440x.patch: prevent OOB accesses in
      server/libvncserver/corre.c, server/libvncserver/hextile.c,
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404

Date: 2020-10-06 15:24:14.772015+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list