Hello community,

here is the log from the commit of package vino for openSUSE:Factory checked in 
at 2019-11-24 00:04:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vino (Old)
 and      /work/SRC/openSUSE:Factory/.vino.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "vino"

Sun Nov 24 00:04:19 2019 rev:102 rq:749277 version:3.22.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/vino/vino.changes        2019-04-01 
12:31:06.941759701 +0200
+++ /work/SRC/openSUSE:Factory/.vino.new.26869/vino.changes     2019-11-24 
00:04:23.271066499 +0100
@@ -1,0 +2,6 @@
+Tue Nov 12 21:38:10 UTC 2019 - Michael Gorse <mgo...@suse.com>
+
+- Add vino-CVE-2019-15681.patch: fix uninitialized memory read in
+  LibVNCServer (boo#1155419 CVE-2019-15681).
+
+-------------------------------------------------------------------
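Review bot: the entry on the "Add vino-CVE-2019-15681.patch" line attributes the fix to LibVNCServer, but the patch in this commit edits vino-3.22.0/server/libvncserver/rfbserver.c, a copy inside vino's own source tree. Saying "bundled LibVNCServer copy" in the changelog would make it clear to anyone tracking boo#1155419 that this package carries its own copy of the code and needs its own fix, independent of any system LibVNCServer package.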

New:
----
  vino-CVE-2019-15681.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vino.spec ++++++
--- /var/tmp/diff_new_pack.FukUWr/_old  2019-11-24 00:04:24.163066591 +0100
+++ /var/tmp/diff_new_pack.FukUWr/_new  2019-11-24 00:04:24.167066591 +0100
@@ -26,6 +26,8 @@
 Source0:        
https://download.gnome.org/sources/vino/3.22/%{name}-%{version}.tar.xz
 # PATCH-FIX-UPSTREAM vino-error-on-wayland.patch boo#1122549 mgo...@suse.com 
-- have vino-server print an error if wayland is detected, rather than 
segfaulting.
 Patch0:         vino-error-on-wayland.patch
+# PATCH-FIX-UPSTREAM vino-CVE-2019-15681.patch boo#1155419 mgo...@suse.com -- 
fix uninitialized memory read in LibVNCServer.
+Patch1:         vino-CVE-2019-15681.patch
 
 BuildRequires:  fdupes
 BuildRequires:  intltool >= 0.50.0
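Review bot: Patch1 is declared here, but this is the only hunk in the vino.spec diff, so nothing in %prep was changed to apply it. That is fine if %prep uses %autosetup or %autopatch; if it applies patches one by one (a %patch0 line for vino-error-on-wayland.patch), a matching %patch1 -p1 line is needed, otherwise the package builds without the CVE-2019-15681 fix while the changelog claims it. Worth confirming against the full spec before accepting.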

++++++ vino-CVE-2019-15681.patch ++++++
diff -urp vino-3.22.0.orig/server/libvncserver/rfbserver.c 
vino-3.22.0/server/libvncserver/rfbserver.c
--- vino-3.22.0.orig/server/libvncserver/rfbserver.c    2015-08-28 
11:00:50.000000000 -0500
+++ vino-3.22.0/server/libvncserver/rfbserver.c 2019-11-12 14:48:04.702135937 
-0600
@@ -1534,6 +1534,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rf
     rfbServerCutTextMsg sct;
     rfbClientIteratorPtr iterator;
 
+    memset((char *)&sct, 0, sizeof(sct));
+
     iterator = rfbGetClientIterator(rfbScreen);
     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
         /* Client is not authenticated, ignore. See GNOME bug 678434. */
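Review bot: the memset added ahead of rfbGetClientIterator() has no comment explaining why sct must be zeroed, which makes it look like a redundant initialisation that a later cleanup could drop. A short comment stating that the whole struct, including any bytes no field assignment covers, has to be cleared before it is used (the changelog calls this an uninitialized memory read) would protect the fix. Minor style point: the (char *) cast on &sct is unnecessary, since memset takes a void *.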
