Package: libvncserver / 0.9.11+dfsg-1.3+deb10u4
Metadata
| Package | Version | Patches format |
|---|---|---|
| libvncserver | 0.9.11+dfsg-1.3+deb10u4 | 3.0 (quilt) |
Patch series
view the series file| Patch | File delta | Description |
|---|---|---|
| remove libpng.patch | (download) |
rfb/rfbconfig.h.cmake |
3 1 + 2 - 0 ! |
remove libpng support. Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725480 |
| 0001 ignore_webclients.patch | (download) |
Makefile.am |
4 2 + 2 - 0 ! |
ignore_webclients |
| CVE 2018 7225.patch | (download) |
libvncserver/rfbserver.c |
20 19 + 1 - 0 ! |
cve-2018-7225 Bug-Debian: https://bugs.debian.org/894045 |
| CVE 2018 15126/0001 tightvnc filetransfer tie the download thread to the.patch | (download) |
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c |
3 1 + 2 - 0 ! |
[1/5] tightvnc-filetransfer: tie the download thread to the control structure |
| CVE 2018 15126/0002 tightvnc filetransfer refactor CloseUndoneFileTransf.patch | (download) |
libvncserver/tightvnc-filetransfer/filetransfermsg.c |
12 10 + 2 - 0 ! |
[2/5] tightvnc-filetransfer: refactor closeundonefiletransfer() into two functions |
| CVE 2018 15126/0003 tightvnc filetransfer wait for download thread end i.patch | (download) |
libvncserver/tightvnc-filetransfer/filetransfermsg.c |
2 2 + 0 - 0 ! |
[3/5] tightvnc-filetransfer: wait for download thread end in CloseUndoneFileDownload() |
| CVE 2018 15126/0004 tightvnc filetransfer when creating a new download t.patch | (download) |
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c |
3 1 + 2 - 0 ! |
[4/5] tightvnc-filetransfer: when creating a new download thread, make sure the previous one ends |
| CVE 2018 15126/0005 tightvnc filetransfer do not close stuff from within.patch | (download) |
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c |
6 0 + 6 - 0 ! |
[5/5] tightvnc-filetransfer: do not close stuff from within a thread |
| CVE 2018 15127/0001 LibVNCServer fix heap out of bound write access.patch | (download) |
libvncserver/rfbserver.c |
2 1 + 1 - 0 ! |
libvncserver: fix heap out-of-bound write access |
| CVE 2018 20019/0001 LibVNCClient fix three possible heap buffer overflow.patch | (download) |
libvncclient/rfbproto.c |
10 6 + 4 - 0 ! |
libvncclient: fix three possible heap buffer overflows |
| CVE 2018 20020/0001 LibVNCClient make sure ReadFromRFBServer does not wr.patch | (download) |
libvncclient/corre.c |
2 1 + 1 - 0 ! |
libvncclient: make sure readfromrfbserver() does not write after buffer end in CoRRE decoding |
| CVE 2018 20020/0002 LibVNCClient really fix 250.patch | (download) |
libvncclient/corre.c |
2 1 + 1 - 0 ! |
libvncclient: really fix #250 |
| CVE 2018 20021/0001 LibVNCClient fix possible infinite loop.patch | (download) |
libvncclient/rfbproto.c |
2 1 + 1 - 0 ! |
libvncclient: fix possible infinite loop |
| CVE 2018 20022/0001 LibVNCClient don t leak uninitialised memory to remo.patch | (download) |
libvncclient/rfbproto.c |
2 2 + 0 - 0 ! |
libvncclient: don't leak uninitialised memory to remote |
| CVE 2018 20023/0001 When connecting to a repeater only send initialised .patch | (download) |
examples/repeater.c |
10 8 + 2 - 0 ! |
when connecting to a repeater, only send initialised string |
| CVE 2018 20024/0001 LibVNCClient make sure Ultra decoding cannot derefer.patch | (download) |
libvncclient/ultra.c |
4 4 + 0 - 0 ! |
libvncclient: make sure ultra decoding cannot dereference a null pointer |
| CVE 2018 6307/0001 tightvnc filetransfer fix heap use after free.patch | (download) |
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c |
2 2 + 0 - 0 ! |
tightvnc-filetransfer: fix heap use-after-free |
| CVE 2018 20748/0001 LibVNCClient ignore server sent cut text longer than.patch | (download) |
libvncclient/rfbproto.c |
5 5 + 0 - 0 ! |
libvncclient: ignore server-sent cut text longer than 1mb |
| CVE 2018 20748/0002 LibVNCClient ignore server sent reason strings longe.patch | (download) |
libvncclient/rfbproto.c |
45 21 + 24 - 0 ! |
libvncclient: ignore server-sent reason strings longer than 1mb |
| CVE 2018 20748/0003 LibVNCClient fail on server sent desktop name length.patch | (download) |
libvncclient/rfbproto.c |
8 6 + 2 - 0 ! |
libvncclient: fail on server-sent desktop name lengths longer than 1MB |
| CVE 2018 20748/0004 LibVNCClient remove now useless cast.patch | (download) |
libvncclient/rfbproto.c |
2 1 + 1 - 0 ! |
libvncclient: remove now-useless cast |
| CVE 2018 20749/0001 Error out in rfbProcessFileTransferReadBuffer if len.patch | (download) |
libvncserver/rfbserver.c |
14 12 + 2 - 0 ! |
error out in rfbprocessfiletransferreadbuffer if length can not be allocated |
| CVE 2018 20750/0001 Limit lenght to INT_MAX bytes in rfbProcessFileTrans.patch | (download) |
libvncserver/rfbserver.c |
7 6 + 1 - 0 ! |
limit lenght to int_max bytes in rfbprocessfiletransferreadbuffer() |
| CVE 2019 15681/0001 rfbserver don t leak stack memory to the remote.patch | (download) |
libvncserver/rfbserver.c |
2 2 + 0 - 0 ! |
[patch] rfbserver: don't leak stack memory to the remote Thanks go to Pavel Cheremushkin of Kaspersky for reporting. |
| use after free/1.patch | (download) |
libvncserver/main.c |
18 12 + 6 - 0 ! |
[patch] fix use-after-free |
| use after free/2.patch | (download) |
libvncserver/main.c |
29 26 + 3 - 0 ! |
[patch] fix the concurrent issue hapenning between the freeing of the client and the clientOutput thread |
| use after free/3.patch | (download) |
libvncserver/main.c |
5 4 + 1 - 0 ! |
[patch] check the return code of pipe |
| use after free/4.patch | (download) |
libvncserver/rfbserver.c |
5 5 + 0 - 0 ! |
[patch] rfbserver: don't close fd 0 accidentally pipe_notify_client_thread needs to be initialized to -1 |
| use after free/5.patch | (download) |
libvncserver/main.c |
2 2 + 0 - 0 ! |
[patch] avoid pthread_join if backgroundloop is false client_thread is created depending upon backgroundLoop, but joining without checking for same condition. so we are trying to join a garbage thread_id. |
| use after free/6.patch | (download) |
rfb/rfb.h |
4 3 + 1 - 0 ! |
[patch] move pipe_notify_client_thread to end of rfbclientrec in order to retain ABI compatibility. |
| 0002 set true color flag to 1.patch | (download) |
libvncclient/vncviewer.c |
2 1 + 1 - 0 ! |
[patch] issue #141: set truecolour flag to 1 instead of 255 |
| CVE 2019 15690/0001 heap buffer overflow.patch | (download) |
libvncclient/cursor.c |
5 5 + 0 - 0 ! |
--- |
| CVE 2019 20839.patch | (download) |
libvncclient/sockets.c |
4 4 + 0 - 0 ! |
[patch] libvncclient: bail out if unix socket name would overflow Closes #291 |
| CVE 2020 14397.patch | (download) |
libvncserver/rfbregion.c |
26 16 + 10 - 0 ! |
[patch] libvncserver: add missing null pointer checks |
| CVE 2020 14399.patch | (download) |
libvncclient/rfbproto.c |
11 7 + 4 - 0 ! |
[patch] libvncclient: fix pointer aliasing/alignment issue Accessing byte-aligned data through uint32_t pointers can cause crashes on some platforms or reduce the performance. Therefore ensure a proper stack alignment. |
| CVE 2020 14400.patch | (download) |
libvncserver/translate.c |
11 7 + 4 - 0 ! |
[patch] libvncserver: fix pointer aliasing/alignment issue Accessing byte-aligned data through uint16_t pointers can cause crashes on some platforms or reduce the performance. Therefore ensure a proper stack alignment. |
| CVE 2020 14401.patch | (download) |
libvncserver/scale.c |
2 1 + 1 - 0 ! |
[patch] libvncserver: scale: cast to 64 bit before shifting Since pixel_value is 64 bit the data type of the shift operand should be 64 bit too to prevent integer overflows. |
| CVE 2020 14402+14403+14404.patch | (download) |
libvncserver/corre.c |
2 1 + 1 - 0 ! |
[patch] libvncserver: encodings: prevent oob accesses |
| CVE 2020 14405.patch | (download) |
libvncclient/rfbproto.c |
3 3 + 0 - 0 ! |
[patch] libvncclient/rfbproto: limit max textchat size Addresses GitHub Security Lab (GHSL) Vulnerability Report `GHSL-2020-063`. Re #275 |