diff -Nru vino-3.22.0/debian/changelog vino-3.22.0/debian/changelog --- vino-3.22.0/debian/changelog 2020-10-06 14:33:38.000000000 +0000 +++ vino-3.22.0/debian/changelog 2020-11-16 14:50:06.000000000 +0000 @@ -1,3 +1,12 @@ +vino (3.22.0-5ubuntu2.2) focal-security; urgency=medium + + * SECURITY UPDATE: Denial of service + - debian/patches/CVE-2020-25708.patch: fix possible divide-by-zero in + server/libvncserver/rfbserver.c. + - CVE-2020-25708 + + -- Leonidas S. Barbosa Mon, 16 Nov 2020 11:50:06 -0300 + vino (3.22.0-5ubuntu2.1) focal-security; urgency=medium * SECURITY UPDATE: DoS via unchecked malloc diff -Nru vino-3.22.0/debian/patches/CVE-2020-25708.patch vino-3.22.0/debian/patches/CVE-2020-25708.patch --- vino-3.22.0/debian/patches/CVE-2020-25708.patch 1970-01-01 00:00:00.000000000 +0000 +++ vino-3.22.0/debian/patches/CVE-2020-25708.patch 2020-11-16 14:50:00.000000000 +0000 @@ -0,0 +1,20 @@ +From 673c07a75ed844d74676f3ccdcfdc706a7052dba Mon Sep 17 00:00:00 2001 +From: Christian Beier +Date: Sun, 17 May 2020 13:47:21 +0200 +Subject: [PATCH] libvncserver/rfbserver: fix possible divide-by-zero + +Closes #409 +Index: vino-3.22.0/server/libvncserver/rfbserver.c +=================================================================== +--- vino-3.22.0.orig/server/libvncserver/rfbserver.c ++++ vino-3.22.0/server/libvncserver/rfbserver.c +@@ -1341,6 +1341,9 @@ rfbSendRectEncodingRaw(rfbClientPtr cl, + char *fbptr = (cl->screen->frameBuffer + (cl->screen->paddedWidthInBytes * y) + + (x * (cl->screen->bitsPerPixel / 8))); + ++ if(!h || !w) ++ return TRUE; /* nothing to send */ ++ + /* Flush the buffer to guarantee correct alignment for translateFn(). */ + if (cl->ublen > 0) { + if (!rfbSendUpdateBuf(cl)) diff -Nru vino-3.22.0/debian/patches/series vino-3.22.0/debian/patches/series --- vino-3.22.0/debian/patches/series 2020-10-06 14:32:43.000000000 +0000 +++ vino-3.22.0/debian/patches/series 2020-11-16 14:49:54.000000000 +0000 @@ -14,3 +14,4 @@ CVE-2019-15681.patch CVE-2020-14397.patch CVE-2020-1440x.patch +CVE-2020-25708.patch