Commits · debian/0.9.9+dfsg2-6.1+deb8u8 · Debian Remote Packaging Team / libvncserver

30 Jun, 2020 1 commit
- upload to jessie-security (debian/0.9.9+dfsg2-6.1+deb8u8) · 0419f019
  Mike Gabriel authored Jun 30, 2020
  
  0419f019
29 Jun, 2020 7 commits
- debian/patches: Add CVE-2020-14405.patch (CVE-2020-14405).... · 57022e03
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14405.patch (CVE-2020-14405). libvncclient/rfbproto: limit max textchat size.
```
  57022e03
- debian/patches: Add CVE-2020-14402+14403,14404}.patch (CVE-2020-14402,... · 4898cd1f
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14402+14403,14404}.patch (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404). libvncserver: encodings: prevent OOB accesses.
```
  4898cd1f
- debian/patches: Add CVE-2020-14401.patch (CVE-2020-14401). libvncserver:... · 61be5c2d
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14401.patch (CVE-2020-14401). libvncserver: scale: cast to 64 bit before shifting.
```
  61be5c2d
- debian/patches: Add CVE-2020-14400.patch (CVE-2020-14400). libvncserver: fix... · d5f6d900
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14400.patch (CVE-2020-14400). libvncserver: fix pointer aliasing/alignment issue.
```
  d5f6d900
- debian/patches: Add CVE-2020-14399.patch (CVE-2020-14399). libvncclient: fix... · 901d4387
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14399.patch (CVE-2020-14399). libvncclient: fix pointer aliasing/alignment issue.
```
  901d4387
- debian/patches: Add CVE-2020-14397.patch (CVE-2020-14397). libvncserver: add... · 45156126
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2020-14397.patch (CVE-2020-14397). libvncserver: add missing NULL pointer checks.
```
  45156126
- debian/patches: Add CVE-2019-20839.patch (CVE-2019-20839). libvncclient: bail... · af819ff0
  Mike Gabriel authored Jun 29, 2020
```
debian/patches: Add CVE-2019-20839.patch (CVE-2019-20839). libvncclient: bail out if unix socket name would overflow..
```
  af819ff0
31 Mar, 2020 5 commits

Import Debian changes 0.9.9+dfsg2-6.1+deb8u7 · cdd1d0a2

Utkarsh Gupta authored Mar 17, 2020

libvncserver (0.9.9+dfsg2-6.1+deb8u7) jessie-security; urgency=high

  * Non-maintainer upload by the Debian LTS team.
  * Add patch to limit width/height input values to avoid a possible
    heap overflow. (Fixes: CVE-2019-15690) (Closes: #954163)

cdd1d0a2

Import Debian changes 0.9.9+dfsg2-6.1+deb8u6 · 28381be7

Mike Gabriel authored Oct 30, 2019

libvncserver (0.9.9+dfsg2-6.1+deb8u6) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
    (Closes: #943793).

28381be7

Import Debian changes 0.9.9+dfsg2-6.1+deb8u5 · 2d252c4a

Emilio Pozuelo Monfort authored Jan 31, 2019

libvncserver (0.9.9+dfsg2-6.1+deb8u5) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
  * CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
  * CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
  * CVE-2018-15126: heap use-after-free resulting in possible RCE.
  * debian/libvncserver0.symbols: update for the symbol changes in the
    CVE-2018-15126 patch, which split a function in two with new names.
    This is not really an ABI change as these symbols are private, i.e. not
    exported in any public headers, and only exported on the DSO because
    there's no filter applied.

2d252c4a

Import Debian changes 0.9.9+dfsg2-6.1+deb8u4 · 09c104cf

Abhijith PA authored Dec 23, 2018

libvncserver (0.9.9+dfsg2-6.1+deb8u4) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * CVE-2018-15127: heap out-of-bound write vulnerability (Closes: #916941)
  * CVE-2018-20019: multiple heap out-of-bound write vulnerabilities
  * CVE-2018-20020: heap out-of-bound write vulnerability inside structure
    in VNC client code
  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability
  * CVE-2018-20023:Improper Initialization vulnerability in VNC Repeater client
    code
  * CVE-2018-20024: null pointer dereference that can result DoS
  * CVE-2018-6307: heap use-after-free vulnerability in server code of
    file transfer extension

09c104cf

Import Debian changes 0.9.9+dfsg2-6.1+deb8u3 · 1e018c15

Markus Koschany authored Jun 05, 2018

libvncserver (0.9.9+dfsg2-6.1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized. (Closes: #894045)

1e018c15

03 Jan, 2017 4 commits
- Target to jessie-security · a62e13e9
  Peter Spiess-Knafl authored Jan 03, 2017
  
  a62e13e9
- changelog · 9e812441
  Peter Spiess-Knafl authored Jan 03, 2017
  
  9e812441
- Refreshed fuzzing patches · 33233d41
  Peter Spiess-Knafl authored Jan 03, 2017
  
  33233d41
- Added patches for CVE-2016-9441 and CVE-2016-9442 · c657d1bb
  Peter Spiess-Knafl authored Jan 03, 2017
  
  c657d1bb
27 May, 2015 5 commits
- changelog for +deb8u1 · 8cfb76cf
  Peter Spiess-Knafl authored May 27, 2015
  
  8cfb76cf
- Merge tag 'upstream/0.9.9+dfsg2' into jessie · 82a104ea
  Peter Spiess-Knafl authored May 27, 2015
```
Upstream version 0.9.9+dfsg2
```
  82a104ea
- Imported Upstream version 0.9.9+dfsg2 · 511d7c97
  Peter Spiess-Knafl authored May 27, 2015
  
  511d7c97
- fixing debian/copyright · 6b587325
  Peter Spiess-Knafl authored May 26, 2015
  
  6b587325
- replacing non-free sha1 implementation with a free one · 539e36f8
  Peter Spiess-Knafl authored May 26, 2015
  
  539e36f8
26 May, 2015 2 commits
- changed maintainer due to adoption · 440ca63e
  Peter Spiess-Knafl authored May 26, 2015
  
  440ca63e
- fixed version to 0.9.9+dfsg-6.1+deb8u1 · ce7ce24a
  Peter Spiess-Knafl authored May 26, 2015
  
  ce7ce24a
25 May, 2015 1 commit
- added patch for libgcrypt init before use (Closes: #782570) · ed523198
  Peter Spiess-Knafl authored May 26, 2015
  
  ed523198
11 Feb, 2015 1 commit
- Imported Upstream version 0.9.10+dfsg · 1f77230c
  Luca Falavigna authored Feb 11, 2015
  
  1f77230c
30 Jan, 2015 1 commit
- Imported Upstream version 0.9.10+dfsg · 6f5d2f54
  Peter Spiess-Knafl authored Jan 30, 2015
  
  6f5d2f54
30 Nov, 2014 1 commit
- Imported Debian patch 0.9.9+dfsg-6.1 · 33759d0e
  Tobias Frost authored Nov 23, 2014 and Luca Falavigna committed Nov 30, 2014
  
  33759d0e
12 Aug, 2014 3 commits
- Releasing 0.9.9+dfsg-6 · 2609bab1
  Luca Falavigna authored Aug 12, 2014
  
  2609bab1
- Depends on libgnutls28-dev for libvncserver-dev too · aeece084
  Luca Falavigna authored Aug 12, 2014
  
  aeece084
- Provide autopkgtests · 9b8f1dc8
  Luca Falavigna authored Aug 12, 2014
  
  9b8f1dc8
10 Aug, 2014 6 commits
- Point watch file to GitHub · 22fc03f9
  Luca Falavigna authored Aug 11, 2014
  
  22fc03f9
- Point Source field to the new download location · 945a98ee
  Luca Falavigna authored Aug 11, 2014
  
  945a98ee
- Point Homepage field to the new home page · 93440cde
  Luca Falavigna authored Aug 11, 2014
  
  93440cde
- Fix typo: libgnutls20-dev => libgnutls28-dev · 58bb3c33
  Luca Falavigna authored Aug 10, 2014
  
  58bb3c33
- Use Libs.private to avoid unnecessary linkage · 9e371dca
  Luca Falavigna authored Aug 10, 2014
  
  9e371dca
- Add missing patch description · dde99d1c
  Luca Falavigna authored Aug 10, 2014
  
  dde99d1c
01 Aug, 2014 2 commits
- Cherry-pick ubuntu ppc64el patch · 3d190d57
  Gianfranco Costamagna authored Aug 01, 2014
  
  3d190d57
- Use --without-png configure flag, instead of the build-conflict · 1efd6645
  Gianfranco Costamagna authored Aug 01, 2014
  
  1efd6645
01 Jul, 2014 1 commit
- (Build-)depends on libgnutls28-dev and libgcrypt20-dev · 5a3a741f
  Luca Falavigna authored Jul 01, 2014
  
  5a3a741f