Format: 1.8 Date: Wed, 07 Oct 2020 13:56:51 +0000 Source: italc Binary: italc-master italc-master-dbg italc-client italc-client-dbg italc-management-console italc-management-console-dbg libitalccore libitalccore-dbg Architecture: s390x Version: 1:2.0.2+dfsg1-4ubuntu0.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Paulo Flabiano Smorigo Description: italc-client - intelligent Teaching And Learning with Computers - client italc-client-dbg - intelligent Teaching And Learning with Computers - client debug s italc-management-console - intelligent Teaching And Learning with Computers - management con italc-management-console-dbg - intelligent Teaching And Learning with Computers - imc debug symb italc-master - intelligent Teaching And Learning with Computers - master italc-master-dbg - intelligent Teaching And Learning with Computers - master debug s libitalccore - intelligent Teaching And Learning with Computers - libraries libitalccore-dbg - intelligent Teaching And Learning with Computers - library debug Changes: italc (1:2.0.2+dfsg1-4ubuntu0.1) xenial-security; urgency=medium . * SECURITY UPDATE: Buffer overflow - debian/patches/libvncclient_CVE-2014-6051.patch: Fix integer overflow in MallocFrameBuffer(). - CVE-2014-6051 * SECURITY UPDATE: Memory leak - debian/patches/libvncclient_CVE-2014-6052.patch: Check for MallocFrameBuffer() return value. - debian/patches/libvncserver_CVE-2014-6053.patch: Check malloc() return value on client->server ClientCutText message. - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak stack memory to the remote. - CVE-2014-6052 - CVE-2014-6053 - CVE-2019-15681 * SECURITY UPDATE: Division by zero - debian/patches/libvncserver_CVE-2014-6054.patch: Do not accept a scaling factor of zero. - CVE-2014-6054 * SECURITY UPDATE: Stack-based buffer overflow - debian/patches/libvncserver_CVE-2014-6055.patch: Fix multiple stack-based buffer overflows in file transfer feature. - CVE-2014-6055 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/libvncclient_CVE-2016-9941.patch: Fix heap overflows in the various rectangle fill functions. - debian/patches/libvncclient_CVE-2016-9942.patch: Fix heap overflow in the ultra.c decoder. - CVE-2016-9941 - CVE-2016-9942 * SECURITY UPDATE: Input sanitization - debian/patches/libvncserver_CVE-2018-7225.patch: Impose a limit of 1 MB so that the value fits into all of the types. - CVE-2018-7225 * SECURITY UPDATE: Heap out-of-bound write - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch: fix three possible heap buffer overflows. - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution. - debian/patches/libvncclient_CVE-2018-20748-1.patch: LibVNCClient: ignore server-sent cut text longer than 1MB. - debian/patches/libvncclient_CVE-2018-20748-2.patch: LibVNCClient: ignore server-sent reason strings longer than. - debian/patches/libvncclient_CVE-2018-20748-3.patch: LibVNCClient: fail on server-sent desktop name lengths longer. - debian/patches/libvncclient_CVE-2018-20748-4.patch: LibVNCClient: remove now-useless cast. - debian/patches/libvncserver_CVE-2018-20749.patch: Error out in rfbProcessFileTransferReadBuffer if length can. - debian/patches/libvncserver_CVE-2018-20750.patch: Limit length to INT_MAX bytes in rfbProcessFileTransferReadBuffer(). - CVE-2018-15127 - CVE-2018-20019 - CVE-2018-20020 - CVE-2018-20748 - CVE-2018-20749 - CVE-2018-20750 * SECURITY UPDATE: Infinite loop - debian/patches/libvncclient_CVE-2018-20021.patch: Infinite loop vulnerability in VNC client code. - CVE-2018-20021 * SECURITY UPDATE: Improper Initialization - debian/patches/libvncclient_CVE-2018-20022.patch: Improper Initialization vulnerability in VNC client code. - debian/patches/libvncclient_CVE-2018-20023.patch: Improper Initialization vulnerability in VNC Repeater client. - CVE-2018-20022 - CVE-2018-20023 * SECURITY UPDATE: Null pointer dereference - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer dereference in VNC client code that can result DoS. - CVE-2018-20024 Checksums-Sha1: 344fe0e1ff2ade7f7dda884d47676801a3453904 2293200 italc-client-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 788f00e4f7d9f9d5731f9f7791402f84e589fda9 1190 italc-client-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 63d7dc4175ae70e5241779e58ef5ff5248a5dffc 572994 italc-client_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 161fb30ef9b4ec587dc7e1cdfcc321bb65ab76e1 761328 italc-management-console-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 38a6f265a39a1b64583264e5ad3ea6507021ba91 1200 italc-management-console-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 7aed26dbad55aafb08460867a04acb8c85b4900e 108664 italc-management-console_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 0d2ad65a86996b08496b5183c2d7a3b028f266f1 1977522 italc-master-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 595252d4c6c17bd97095ca19295f4f1738951c22 1192 italc-master-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 408b6d3672d80ac99256d7ed4b47a22c138e7a9c 646968 italc-master_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 0abe64de0ab7c9c91890581a94a47d8b576fcadd 2246984 libitalccore-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb c02afba0974882a70b827a55f22a94e182592699 1174 libitalccore-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 61eef09948b91d5a27c73f41012c8b61931269bb 590520 libitalccore_2.0.2+dfsg1-4ubuntu0.1_s390x.deb Checksums-Sha256: 9675cee6bbb52d9040b223449770046555be9685645a2303234fa2939ed03efc 2293200 italc-client-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb eb6bb51231484e6eae66d158fbb28f6e9fb199b21bdba7454f6359bf20ccc6db 1190 italc-client-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb c7f7c4eb1705a43db4ec9cdd405122dc4fb416e56bd3e42fe7f82ee7176ac923 572994 italc-client_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 8e0c3944dccf8b45be3ba225b93d43ea3dad627608cbd8988c15452bc9b241c7 761328 italc-management-console-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 732404894d3cd5c150152f1248485fd5a858c87b3dfc57c58fca9c7026e6f0b4 1200 italc-management-console-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 9be58102461067ca69b6dd4fac5768d499615917f8b96503bc1a983decf44922 108664 italc-management-console_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 8730d5eea4c87a18471ec158cc707e078e70b666974c26f05fe9866a661f967a 1977522 italc-master-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb cd99921f87518be6ffeebb67dcfe6dd648aaa679c10377f021c05a5222a5dcf8 1192 italc-master-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 7c440795a94df7e22433a5773f959b1b7fbfa9b86551c1b407de61b71f6e3f77 646968 italc-master_2.0.2+dfsg1-4ubuntu0.1_s390x.deb e539c6aaf4421e35b67df048122d6f12d301334df4ae2b78cb34e53d74f3860c 2246984 libitalccore-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb f083b79664712bdb0cf6044826ae15a4a88054178d03c1ea501101752ec6dde1 1174 libitalccore-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 08924d26964608f94f88eb291925196308fcf636f2f303d57797b9f27fb49315 590520 libitalccore_2.0.2+dfsg1-4ubuntu0.1_s390x.deb Files: 1a4a48d0f6bd8791f5d4322ea741860b 2293200 debug extra italc-client-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb c5c5e2a92383e7ad8e4920ac007d58c0 1190 x11 extra italc-client-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 332cdc813766e656bcb97c23188c4867 572994 x11 optional italc-client_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 9b49cd12a6bba3f91a0ed7c8b693ebf6 761328 debug extra italc-management-console-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 7ffd956e90055d54d5f574abf065c720 1200 x11 extra italc-management-console-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 704aec0cda90f7f7527351b542cb2c92 108664 x11 optional italc-management-console_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 33d0441ea718043fdd1249243483870d 1977522 debug extra italc-master-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb c7bff814bd8b501b14e3825513f4712d 1192 x11 extra italc-master-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 38225eebcf94a9959e2225a5faa0de86 646968 x11 optional italc-master_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 5ac41ae0d57468d8beaf7d2850edd549 2246984 debug extra libitalccore-dbg_2.0.2+dfsg1-4ubuntu0.1_s390x.deb 2e6ad7f59f060f0f8c737aa9e1ea1456 1174 x11 extra libitalccore-dbgsym_2.0.2+dfsg1-4ubuntu0.1_s390x.ddeb 641cfd5b1f376618ff792b842ffb3f04 590520 x11 optional libitalccore_2.0.2+dfsg1-4ubuntu0.1_s390x.deb Original-Maintainer: Debian Edu Packaging Team