projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5975c7) | patch
libvncserver: add upstream security fix for CVE-2018-7225
authorPeter Korsgaard <peter@korsgaard.com>
Sat, 9 Jun 2018 16:02:29 +0000 (18:02 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sun, 10 Jun 2018 12:21:19 +0000 (14:21 +0200)
commita4f7700f0b40022f91c2d43f7d21c5a01487587e
tree2f74d156e4d92899b4692d1ecc2f6db5588b3217tree
parente5975c729e2ddb5321c48af23d9b5975d68165b0commit | diff
libvncserver: add upstream security fix for CVE-2018-7225

Fixes CVE-2018-7225 - An issue was discovered in LibVNCServer through
0.9.11.  rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially sensitive
data or possibly unspecified other impact (e.g., an integer overflow) via
specially crafted VNC packets.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libvncserver/0001-Limit-client-cut-text-length-to-1-MB.patch [new file with mode: 0644] blob