Format: 1.8
Date: Fri, 10 Jul 2020 15:42:39 -0400
Source: libvncserver
Binary: libvncclient1 libvncserver-dev libvncserver1
Architecture: s390x
Version: 0.9.12+dfsg-9ubuntu0.2
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Avital Ostromich
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
Changes:
 libvncserver (0.9.12+dfsg-9ubuntu0.2) focal-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow via a long socket filename
     - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name would overflow in libvncclient/sockets.c.
     - CVE-2019-20839
   * SECURITY UPDATE: NULL pointer dereference in anonTLS mode
     - debian/patches/CVE-2020-14396.patch: Do not dereference NULL cred pointer in libvncclient/tls_openssl.c if in anonTLS mode.
     - CVE-2020-14396
   * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
     - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks to libvncserver/rfbregion.c.
     - CVE-2020-14397
   * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
     - debian/patches/CVE-2020-14398.patch: Close the connection after a certain number of retries in libvncclient/sockets.c.
     - CVE-2020-14398
   * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
     - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in libvncclient/rfbproto.c.
     - CVE-2020-14399
   * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
     - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in libvncserver/translate.c.
     - CVE-2020-14400
   * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
     - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before performing bitwise operation.
     - CVE-2020-14401
   * SECURITY UPDATE: out-of-bounds access via encodings
     - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch: Check bounds before accessing array value in libvncserver/corre.c, libvncserver/hextile.c and libvncserver/rre.c
     - CVE-2020-14402
     - CVE-2020-14403
     - CVE-2020-14404
   * SECURITY UPDATE: unchecked TextChat allocation size
     - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in libvncclient/rfbproto.c.
     - CVE-2020-14405
Original-Maintainer: Debian Remote Maintainers