[ubuntu/utopic-proposed] libvncserver 0.9.9+dfsg-6ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Sep 29 17:01:39 UTC 2014
libvncserver (0.9.9+dfsg-6ubuntu1) utopic; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow and lack of malloc error handling in
MallocFrameBuffer()
- debian/patches/CVE-2014-6051-6052.patch: check size and handle
return code in libvncclient/vncviewer.c, handle return code in
libvncclient/rfbproto.c.
- CVE-2014-6051
- CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
- debian/patches/CVE-2014-6053.patch: check malloc result in
libvncserver/rfbserver.c.
- CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
- debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
libvncserver/rfbserver.c, check for integer overflow in
libvncserver/scale.c.
- CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
stack overflows in File Transfer feature
- debian/patches/CVE-2014-6055.patch: check sizes in
libvncserver/rfbserver.c.
- CVE-2014-6055
Date: Thu, 25 Sep 2014 11:20:51 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/libvncserver/0.9.9+dfsg-6ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 25 Sep 2014 11:20:51 -0400
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source
Version: 0.9.9+dfsg-6ubuntu1
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libvncclient0 - API to write one's own vnc server - client library
libvncclient0-dbg - debugging symbols for libvncclient
libvncserver-config - API to write one's own vnc server - library utility
libvncserver-dev - API to write one's own vnc server - development files
libvncserver0 - API to write one's own vnc server
libvncserver0-dbg - debugging symbols for libvncserver
linuxvnc - VNC server to allow remote access to a tty
Changes:
libvncserver (0.9.9+dfsg-6ubuntu1) utopic; urgency=medium
.
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow and lack of malloc error handling in
MallocFrameBuffer()
- debian/patches/CVE-2014-6051-6052.patch: check size and handle
return code in libvncclient/vncviewer.c, handle return code in
libvncclient/rfbproto.c.
- CVE-2014-6051
- CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
- debian/patches/CVE-2014-6053.patch: check malloc result in
libvncserver/rfbserver.c.
- CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
- debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
libvncserver/rfbserver.c, check for integer overflow in
libvncserver/scale.c.
- CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
stack overflows in File Transfer feature
- debian/patches/CVE-2014-6055.patch: check sizes in
libvncserver/rfbserver.c.
- CVE-2014-6055
Checksums-Sha1:
034ecd562304503eb9938ace6f46e2db8c4972f3 2505 libvncserver_0.9.9+dfsg-6ubuntu1.dsc
e37cbc306e57a8d81f1ed87098c154adff7bf394 22192 libvncserver_0.9.9+dfsg-6ubuntu1.debian.tar.xz
Checksums-Sha256:
0a5bb58ea2fc54df9479b592aed2e746648840d2d75ce29ed46aacab96ec42c8 2505 libvncserver_0.9.9+dfsg-6ubuntu1.dsc
dd35c961d48a55ba95dba21bc47bb36e836bc620f7858280408a89a2f2b639e8 22192 libvncserver_0.9.9+dfsg-6ubuntu1.debian.tar.xz
Files:
6f07ee5302c8308f96cfbda6c726aa9f 2505 libs optional libvncserver_0.9.9+dfsg-6ubuntu1.dsc
648372447863f66df5f9e47d5453d13b 22192 libs optional libvncserver_0.9.9+dfsg-6ubuntu1.debian.tar.xz
Original-Maintainer: Luca Falavigna <dktrkranz at debian.org>
More information about the Utopic-changes
mailing list