Public bug reported: Please sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow and lack of malloc error handling in
    MallocFrameBuffer()
    - debian/patches/CVE-2014-6051-6052.patch: check size and handle
      return code in libvncclient/vncviewer.c, handle return code in
      libvncclient/rfbproto.c.
    - CVE-2014-6051
    - CVE-2014-6052
  * SECURITY UPDATE: denial of service via large ClientCutText message
    - debian/patches/CVE-2014-6053.patch: check malloc result in
      libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: denial of service via zero scaling factor
    - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
      libvncserver/rfbserver.c, check for integer overflow in
      libvncserver/scale.c.
    - CVE-2014-6054
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflows in File Transfer feature
    - debian/patches/CVE-2014-6055.patch: check sizes in
      libvncserver/rfbserver.c.
    - CVE-2014-6055

Debian fixed them too

Changelog entries since current vivid version 0.9.9+dfsg-6ubuntu1:

libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
    CVE-2014-6055: Multiple issues in libVNCserver -- cherry picking
    targeted fixes from upstream (Closes: #762745)

 -- Tobias Frost <t...@debian.org>  Sun, 23 Nov 2014 16:19:53 +0100

** Affects: libvncserver (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1399584

Title:
  Sync libvncserver 0.9.9+dfsg-6.1 (main) from Debian unstable (main)