Public bug reported:

Please sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable
(main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow and lack of malloc error handling in
    MallocFrameBuffer()
    - debian/patches/CVE-2014-6051-6052.patch: check size and handle
      return code in libvncclient/vncviewer.c, handle return code in
      libvncclient/rfbproto.c.
    - CVE-2014-6051
    - CVE-2014-6052
  * SECURITY UPDATE: denial of service via large ClientCutText message
    - debian/patches/CVE-2014-6053.patch: check malloc result in
      libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: denial of service via zero scaling factor
    - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
      libvncserver/rfbserver.c, check for integer overflow in
      libvncserver/scale.c.
    - CVE-2014-6054
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflows in File Transfer feature
    - debian/patches/CVE-2014-6055.patch: check sizes in
      libvncserver/rfbserver.c.
    - CVE-2014-6055

Debian fixed them too

Changelog entries since current vivid version 0.9.9+dfsg-6ubuntu1:

libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
    Multiple issues in libVNCserver -- cherry picking targeted fixes from
    upstream (Closes: #762745)

 -- Tobias Frost <t...@debian.org>  Sun, 23 Nov 2014 16:19:53 +0100

** Affects: libvncserver (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libvncserver in Ubuntu.
https://bugs.launchpad.net/bugs/1399584

Title:
  Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)

Status in libvncserver package in Ubuntu:
  New
