Package: libvncserver / 0.9.11+dfsg-1.3

Metadata

Package Version Patches format
libvncserver 0.9.11+dfsg-1.3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
remove libpng.patch | (download)

rfb/rfbconfig.h.cmake | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 remove libpng support.
Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725480

0001 ignore_webclients.patch | (download)

Makefile.am | 4 2 + 2 - 0 !
configure.ac | 3 0 + 3 - 0 !
2 files changed, 2 insertions(+), 5 deletions(-)

 ignore_webclients


CVE 2018 7225.patch | (download)

libvncserver/rfbserver.c | 20 19 + 1 - 0 !
1 file changed, 19 insertions(+), 1 deletion(-)

 cve-2018-7225

Bug-Debian: https://bugs.debian.org/894045
CVE 2018 15126/0001 tightvnc filetransfer tie the download thread to the.patch | (download)

libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c | 3 1 + 2 - 0 !
libvncserver/tightvnc-filetransfer/rfbtightproto.h | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 [1/5] tightvnc-filetransfer: tie the download thread to the control
 structure
CVE 2018 15126/0002 tightvnc filetransfer refactor CloseUndoneFileTransf.patch | (download)

libvncserver/tightvnc-filetransfer/filetransfermsg.c | 12 10 + 2 - 0 !
libvncserver/tightvnc-filetransfer/filetransfermsg.h | 3 2 + 1 - 0 !
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c | 8 4 + 4 - 0 !
3 files changed, 16 insertions(+), 7 deletions(-)

 [2/5] tightvnc-filetransfer: refactor closeundonefiletransfer() into
 two functions
CVE 2018 15126/0003 tightvnc filetransfer wait for download thread end i.patch | (download)

libvncserver/tightvnc-filetransfer/filetransfermsg.c | 2 2 + 0 - 0 !
libvncserver/tightvnc-filetransfer/rfbtightserver.c | 7 5 + 2 - 0 !
2 files changed, 7 insertions(+), 2 deletions(-)

 [3/5] tightvnc-filetransfer: wait for download thread end in
 CloseUndoneFileDownload()
CVE 2018 15126/0004 tightvnc filetransfer when creating a new download t.patch | (download)

libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 [4/5] tightvnc-filetransfer: when creating a new download thread,
 make sure the previous one ends
CVE 2018 15126/0005 tightvnc filetransfer do not close stuff from within.patch | (download)

libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c | 6 0 + 6 - 0 !
1 file changed, 6 deletions(-)

 [5/5] tightvnc-filetransfer: do not close stuff from within a thread
CVE 2018 15127/0001 LibVNCServer fix heap out of bound write access.patch | (download)

libvncserver/rfbserver.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libvncserver: fix heap out-of-bound write access
CVE 2018 20019/0001 LibVNCClient fix three possible heap buffer overflow.patch | (download)

libvncclient/rfbproto.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 libvncclient: fix three possible heap buffer overflows
CVE 2018 20020/0001 LibVNCClient make sure ReadFromRFBServer does not wr.patch | (download)

libvncclient/corre.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libvncclient: make sure readfromrfbserver() does not write after
 buffer end in CoRRE decoding
CVE 2018 20020/0002 LibVNCClient really fix 250.patch | (download)

libvncclient/corre.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libvncclient: really fix #250
CVE 2018 20021/0001 LibVNCClient fix possible infinite loop.patch | (download)

libvncclient/rfbproto.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libvncclient: fix possible infinite loop
CVE 2018 20022/0001 LibVNCClient don t leak uninitialised memory to remo.patch | (download)

libvncclient/rfbproto.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 libvncclient: don't leak uninitialised memory to remote
CVE 2018 20023/0001 When connecting to a repeater only send initialised .patch | (download)

examples/repeater.c | 10 8 + 2 - 0 !
libvncclient/rfbproto.c | 8 6 + 2 - 0 !
2 files changed, 14 insertions(+), 4 deletions(-)

 when connecting to a repeater, only send initialised string
CVE 2018 20024/0001 LibVNCClient make sure Ultra decoding cannot derefer.patch | (download)

libvncclient/ultra.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 libvncclient: make sure ultra decoding cannot dereference a null
 pointer
CVE 2018 6307/0001 tightvnc filetransfer fix heap use after free.patch | (download)

libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 tightvnc-filetransfer: fix heap use-after-free
CVE 2018 20748/0001 LibVNCClient ignore server sent cut text longer than.patch | (download)

libvncclient/rfbproto.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 libvncclient: ignore server-sent cut text longer than 1mb
CVE 2018 20748/0002 LibVNCClient ignore server sent reason strings longe.patch | (download)

libvncclient/rfbproto.c | 45 21 + 24 - 0 !
1 file changed, 21 insertions(+), 24 deletions(-)

 libvncclient: ignore server-sent reason strings longer than 1mb
CVE 2018 20748/0003 LibVNCClient fail on server sent desktop name length.patch | (download)

libvncclient/rfbproto.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 libvncclient: fail on server-sent desktop name lengths longer than
 1MB
CVE 2018 20748/0004 LibVNCClient remove now useless cast.patch | (download)

libvncclient/rfbproto.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libvncclient: remove now-useless cast
CVE 2018 20749/0001 Error out in rfbProcessFileTransferReadBuffer if len.patch | (download)

libvncserver/rfbserver.c | 14 12 + 2 - 0 !
1 file changed, 12 insertions(+), 2 deletions(-)

 error out in rfbprocessfiletransferreadbuffer if length can not be
 allocated
CVE 2018 20750/0001 Limit lenght to INT_MAX bytes in rfbProcessFileTrans.patch | (download)

libvncserver/rfbserver.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 limit lenght to int_max bytes in rfbprocessfiletransferreadbuffer()