This bug was fixed in the package krfb - 4:4.13.0-0ubuntu1.1 --------------- krfb (4:4.13.0-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service or possible code execution via integer overflow in liblzo2 in libvncserver in krfb - debian/patches/upstream_libvncserver-CVE-2014-4607.diff: check for overflow in libvncserver/lzoconf.h libvncserver/lzodefs.h libvncserver/minilzo.c libvncserver/minilzo.h - CVE-2014-4607 - http://www.kde.org/info/security/advisory-20140803-1.txt - LP: #1352421 -- Jonathan Riddell <jridd...@ubuntu.com> Mon, 04 Aug 2014 17:36:30 +0200 ** Changed in: krfb (Ubuntu Trusty) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1352421 Title: possible denial of service or code execution via integer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krfb/+bug/1352421/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs