Mike Gabriel pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
207cbf32 by Mike Gabriel at 2019-11-28T14:34:00Z
veyon [libvncclient bundled]: Add Veyon to CVEs reported against src:pkg
libvncserver (client-part). All issues resolved.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53160,6 +53160,7 @@ CVE-2018-20024 (LibVNC before commit
4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 co
{DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/254
NOTE:
https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
NOTE:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
@@ -53167,6 +53168,7 @@ CVE-2018-20023 (LibVNC before
8b06f835e259652b0ff026898014fc7297ade858 contains
{DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE:
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
@@ -53174,6 +53176,7 @@ CVE-2018-20022 (LibVNC before
2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
{DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/252
NOTE:
https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
NOTE:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
@@ -53181,6 +53184,7 @@ CVE-2018-20021 (LibVNC before commit
c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
{DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/251
NOTE:
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
NOTE:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
@@ -53188,6 +53192,7 @@ CVE-2018-20020 (LibVNC before commit
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
{DSA-4383-1 DLA-1979-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/250
NOTE:
https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
NOTE:
https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
@@ -53197,6 +53202,7 @@ CVE-2018-20748 (LibVNC before 0.9.12 contains multiple
heap out-of-bounds write
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver <not-affected> (Incomplete fix for
CVE-2018-20019 not applied)
- italc <removed>
+ - veyon 4.1.7+repack1-1
NOTE:
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE:
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
NOTE:
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
@@ -154338,12 +154344,14 @@ CVE-2016-9942 (Heap-based buffer overflow in
ultra.c in LibVNCClient in LibVNCSe
{DSA-3753-1 DLA-1979-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850008)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/pull/137
NOTE:
https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in
LibVNCServ ...)
{DSA-3753-1 DLA-1979-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850007)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/pull/137
NOTE:
https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
@@ -229614,11 +229622,13 @@ CVE-2014-6052 (The HandleRFBServerMessage function
in libvncclient/rfbproto.c in
{DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE:
https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in
vncviewer.c in L ...)
{DSA-3081-1 DLA-1979-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
- italc <removed>
+ - veyon 4.1.4+repack1-1
NOTE:
https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the
CAPTCHA p ...)
NOT-FOR-US: phpMyFAQ
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/207cbf32d062408f61e40ef021ff36da759380ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/207cbf32d062408f61e40ef021ff36da759380ee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
