-
italc (1:3.0.3+dfsg1-3ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: merge security patches from debian for heap overflows
- debian/patches/libvncserver_CVE-2018-7225.patch: Uninitialized and
potentially sensitive data could be accessed by remote attackers because
the msg.cct.length in rfbserver.c was not sanitized.
- debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
heap out-of-bound write vulnerability.
- debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
write vulnerability inside structure in VNC client code.
- debian/patches/libvncclient_CVE-2018-20021.patch: CWE-835: Infinite loop
vulnerability in VNC client code.
- debian/patches/libvncclient_CVE-2018-20022.patch: CWE-665: Improper
Initialization vulnerability.
- debian/patches/libvncclient_CVE-2018-20023.patch: Improper
Initialization vulnerability in VNC Repeater client code.
- debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
dereference that can result DoS.
- debian/patches/libvncclient_CVE-2018-20748-1.patch: ignore server-sent
cut text longer than 1MB
- debian/patches/libvncclient_CVE-2018-20748-2.patch: ignore server-sent
reasong strings longer than 1MB
- debian/patches/libvncclient_CVE-2018-20748-3.patch: fail on server-sent
desktop name lengths longer than 1MB
- debian/patches/libvncclient_CVE-2018-20748-4.patch: remove now-useless
cast
- debian/patches/libvncserver_CVE-2018-20749.patch: incomplete fix for
CVE-2018-15127 oob heap writes.
- debian/patches/libvncserver_CVE-2018-20750.patch: incomplete fix for
CVE-2018-15127 oob heap writes.
- debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
stack memory to the remote.
- CVE-2018-7225
- CVE-2018-15127
- CVE-2018-20019
- CVE-2018-20020
- CVE-2018-20021
- CVE-2018-20022
- CVE-2018-20023
- CVE-2018-20024
- CVE-2018-20748
- CVE-2018-20749
- CVE-2018-20750
- CVE-2019-15681
-- Mike Salvatore <email address hidden> Thu, 24 Sep 2020 11:19:00 -0400
-
italc (1:3.0.3+dfsg1-3) unstable; urgency=medium
[ Mike Gabriel ]
* debian/control:
+ Drop Patrick Winnertz from the list of uploaders. Thanks for previous
contributions. (Closes: #867760).
[ Pino Toscano ]
* debian/control:
+ Recommend kdialog rather than kde-baseapps-bin. (Closes: #885840).
[ Adrian Bunk ]
* debian/control:
+ Build with default-jdk instead of gcj-jdk. (Closes: #894083).
-- Mike Gabriel <email address hidden> Mon, 16 Apr 2018 10:39:33 +0200
-
italc (1:3.0.3+dfsg1-2ubuntu1) bionic; urgency=medium
* Build-depend on default-jdk instead of gcj-jdk.
-- Matthias Klose <email address hidden> Mon, 26 Mar 2018 09:44:36 +0800
-
italc (1:3.0.3+dfsg1-2build1) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:50:11 +0000
-
italc (1:3.0.3+dfsg1-2) unstable; urgency=medium
* debian/control:
+ Add B-D: qttools5-dev. (Closes: #881090).
+ Bump Standards-Version: to 4.1.1. No changes needed.
* debian/changelog, debian/man/*.1: White-space cleanup.
* debian/copyright:
+ Remove file that is not present in upstrean sources anymore.
-- Mike Gabriel <email address hidden> Sat, 25 Nov 2017 17:20:02 +0100
-
italc (1:3.0.3+dfsg1-1) unstable; urgency=medium
[ Mike Gabriel ]
* New upstream release.
* debian/patches:
+ Add README, explaining our patch naming scheme. Rename existing patches
accordingly.
+ Update/rebase 2001_inject-buildtype-from-outside.patch.
* debian/copyright:
+ Update copyright attributions (drop lib/include/Inject.h).
+ Update copyright attributions for debian/patches/.
[ Gianfranco Costamagna ]
* debian/{control,rules,libitalccore.install}:
+ Turn libitalccore into multi-arch library. (Closes: #850799).
-- Mike Gabriel <email address hidden> Fri, 20 Jan 2017 10:46:10 +0100