tightvnc 1:1.3.9-9+deb9u1 source package in Debian

Changelog

tightvnc (1:1.3.9-9+deb9u1) stretch; urgency=medium

  * Security upload. (Closes: #945364).
  * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
    message.
  * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
    vulnerability inside structure in VNC client code.
  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
  * CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized.
  * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
  * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
    server-sent reason strings longer than 1MB (see CVE-2018-20748/
    libvncserver).
  * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
    length received before allocating memory for it and limit it to 1MB.
  * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.

 -- Mike Gabriel <email address hidden>  Sat, 21 Dec 2019 10:35:50 +0100

Upload details

Uploaded by: Ola Lundqvist
Uploaded to: Stretch
Original maintainer: Ola Lundqvist
Architectures: any
Section: x11
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Stretch release main x11

Builds

Downloads

File Size SHA-256 Checksum
tightvnc_1.3.9-9+deb9u1.dsc 2.0 KiB 0fee71179202c93094b8619a86647549218be2a70821ec2b71305cf9176b5a1a
tightvnc_1.3.9.orig.tar.gz 2.1 MiB 56062708bb547425f8e8f0f9c571d4fa06fcc89a11146a5b15c608fd8debdb80
tightvnc_1.3.9-9+deb9u1.debian.tar.xz 55.2 KiB f9bfda27ecac0a8850132a1d644b6a5cdb63d57b994c09c8ce8d7d0a75378e44

No changes file available.

Binary packages built by this source