Makefile.am | 4 2 + 2 - 0 !
configure.ac | 3 0 + 3 - 0 !
2 files changed, 2 insertions(+), 5 deletions(-)

 do not consider webclients directory during build phase

Makefile.am | 6 1 + 5 - 0 !
configure.ac | 303 0 + 303 - 0 !
2 files changed, 1 insertion(+), 308 deletions(-)

 do not build x11vnc

client_examples/gtkvncviewer.c | 2 1 + 1 - 0 !
test/encodingstest.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 use format string argument with fprintf.

configure.ac | 2 0 + 2 - 0 !
rfb/rfbconfig.h | 4 1 + 3 - 0 !
rfb/rfbint.h | 3 0 + 3 - 0 !
3 files changed, 1 insertion(+), 8 deletions(-)

 avoid regenerating rfb/{rfbconfig,rfbint}.h.

libvncserver/sockets.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 do not segfault on listensock/listen6sock

acinclude.m4 | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 add support for ppc64el

libvncclient.pc.in | 4 3 + 1 - 0 !
libvncserver.pc.in | 4 3 + 1 - 0 !
2 files changed, 6 insertions(+), 2 deletions(-)

 use libs.private to avoid unnecessary linkage

libvncclient/vncviewer.c | 20 19 + 1 - 0 !
1 file changed, 19 insertions(+), 1 deletion(-)

 fix integer overflow in mallocframebuffer() (cve-2014-6051)
 Promote integers to uint64_t to avoid integer overflow issue during
 frame buffer allocation for very large screen sizes

libvncclient/rfbproto.c | 10 7 + 3 - 0 !
libvncclient/vncviewer.c | 3 2 + 1 - 0 !
2 files changed, 9 insertions(+), 4 deletions(-)

  check for mallocframebuffer() return value (cve-2014-6052)
 If MallocFrameBuffer() returns FALSE, frame buffer pointer is left to
 NULL. Subsequent writes into that buffer could lead to memory
 corruption, or even arbitrary code execution.

libvncserver/rfbserver.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 check malloc() return value (cve-2014-6053)
 Check malloc() return value on client->server ClientCutText
 message. Client can send up to 2**32-1 bytes of text, and such a large
 allocation is likely to fail in case of high memory pressure. This would in a
 server crash (write at address 0).

libvncserver/rfbserver.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 do not accept a scaling factor of zero (cve-2014-6054)
 Do not accept a scaling factor of zero on
 PalmVNCSetScaleFactor and SetScale client->server messages. This would cause
 a division by zero and crash the server.

libvncserver/rfbserver.c | 57 44 + 13 - 0 !
1 file changed, 44 insertions(+), 13 deletions(-)

---

libvncclient/rfbproto.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 init libgcrypt before use

common/sha-private.h | 29 29 + 0 - 0 !
common/sha.h | 358 358 + 0 - 0 !
common/sha1.c | 414 414 + 0 - 0 !
libvncserver/Makefile.am | 2 1 + 1 - 0 !
libvncserver/rfbcrypto_included.c | 2 1 + 1 - 0 !
5 files changed, 803 insertions(+), 2 deletions(-)

 adding free sha1 implementation

libvncclient/rfbproto.c | 24 24 + 0 - 0 !
1 file changed, 24 insertions(+)

 [patch] fix heap overflows in the various rectangle fill functions

Altough rfbproto.c does check whether the overall FramebufferUpdate rectangle is
too large, some of the individual encoding decoders do not, which allows a
malicious server to overwrite parts of the heap.

libvncclient/ultra.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] fix heap overflow in the ultra.c decoder

The Ultra type tile decoder does not use the _safe variant of the LZO
decompress function, which allows a maliciuous server to overwrite parts of the
heap by sending a larger-than-specified LZO data stream.

libvncserver/rfbserver.c | 20 19 + 1 - 0 !
1 file changed, 19 insertions(+), 1 deletion(-)

 cve-2018-7225

Bug-Debian: https://bugs.debian.org/894045