libvncserver (0.9.13+dfsg-1) unstable; urgency=medium
  * New upstream release:
    - CVE-2018-21247: When connecting to a repeater, only send initialised
      string
    - CVE-2019-20839: libvncclient: bail out if unix socket name would overflow
    - CVE-2019-20840: fix crash because of unaligned accesses in
      hybiReadAndDecode()
    - CVE-2020-14396: libvncclient/tls_openssl: do not deref a NULL pointer
    - CVE-2020-14397: libvncserver: add missing NULL pointer checks
    - CVE-2020-14398: libvncclient: handle half-open TCP connections
    - CVE-2020-14399: libvncclient: fix pointer aliasing/alignment issue
    - CVE-2020-14400: libvncserver: fix pointer aliasing/alignment issue
    - CVE-2020-14401: libvncserver: scale: cast to 64 bit before shifting
    - CVE-2020-14402: libvncserver: encodings: prevent OOB accesses
    - CVE-2020-14403: encodings: prevent OOB accesses
    - CVE-2020-14404: libvncserver: encodings: prevent OOB accesses
    - CVE-2020-14405: libvncclient/rfbproto: limit max textchat size
  * debian/patches:
    + Drop all patches. All applied upstream.
    + Add README file explaining our patch naming scheme.
  * debian/*.symbols:
    + Update symbols.
  * debian/control:
    + Bump DH compat level to version 13.
-- Mike Gabriel <email address hidden> Mon, 29 Jun 2020 14:44:43 +0200