This bug was fixed in the package krfb - 4:4.13.0-0ubuntu1.1
---------------
krfb (4:4.13.0-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service or possible code execution via
integer overflow in liblzo2 in libvncserver in krfb
- debian/patches/upstream_libvncserver-CVE-2014-4607.diff:
check for overflow in libvncserver/lzoconf.h libvncserver/lzodefs.h
libvncserver/minilzo.c libvncserver/minilzo.h
- CVE-2014-4607
- http://www.kde.org/info/security/advisory-20140803-1.txt
- LP: #1352421
-- Jonathan Riddell <jridd...@ubuntu.com> Mon, 04 Aug 2014 17:36:30 +0200
** Changed in: krfb (Ubuntu Trusty)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1352421
Title:
possible denial of service or code execution via integer overflow
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krfb/+bug/1352421/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
