package/libvncserver: fix CVE-2019-20788
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 2 May 2020 20:07:47 +0000 (22:07 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Mon, 11 May 2020 07:24:37 +0000 (09:24 +0200)
commit 705adbaf9a17ad7ada4af592491e56e3cbe618dd
tree cce3a138876d9bf73d9f09b162255b2d926c2be3
parent fb8186d53e32be4669c1026da8adcd5325e3ab4d

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a
HandleCursorShape integer overflow and heap-based buffer overflow via a
large height or width value. NOTE: this may overlap CVE-2019-15690.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libvncserver/0006-libvncclient-cursor-limit-width-height-input-values.patch [new file with mode: 0644]
package/libvncserver/libvncserver.mk