Format: 1.8
Date: Mon, 13 Jul 2020 16:01:32 -0400
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config libvncclient1-dbg libvncserver1-dbg
Architecture: ppc64el
Version: 0.9.11+dfsg-1ubuntu1.3
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Avital Ostromich
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncclient1-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own VNC server - library utility
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
 libvncserver1-dbg - debugging symbols for libvncserver
Changes:
 libvncserver (0.9.11+dfsg-1ubuntu1.3) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow via a long socket filename
     - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
       would overflow in libvncclient/sockets.c.
     - CVE-2019-20839
   * SECURITY UPDATE: unaligned accesses in hybiReadAndDecode can lead to a
     crash
     - debian/patches/CVE-2019-20840.patch: Ensure a proper stack alignment in
       libvncserver/websockets.c.
     - CVE-2019-20840
   * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
     - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
       to libvncserver/rfbregion.c.
     - CVE-2020-14397
   * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
     - debian/patches/CVE-2020-14398.patch: Close the connection after a
       certain number of retries in libvncclient/sockets.c.
     - CVE-2020-14398
   * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
     - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
       libvncclient/rfbproto.c.
     - CVE-2020-14399
   * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
     - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
       libvncserver/translate.c.
     - CVE-2020-14400
   * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
     - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
       performing bitwise operation.
     - CVE-2020-14401
   * SECURITY UPDATE: out-of-bounds access via encodings
     - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch: Check
       bounds before accessing array value in libvncserver/corre.c,
       libvncserver/hextile.c and libvncserver/rre.c
     - CVE-2020-14402
     - CVE-2020-14403
     - CVE-2020-14404
   * SECURITY UPDATE: unchecked TextChat allocation size
     - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
       libvncclient/rfbproto.c.
     - CVE-2020-14405
Original-Maintainer: Peter Spiess-Knafl