projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8b3f8df) | patch
package/libvncserver: fix CVE-2018-20750
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Tue, 3 Mar 2020 19:02:31 +0000 (20:02 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 3 Mar 2020 21:10:09 +0000 (22:10 +0100)
commitb10cee53265b0ddd195a26569caa8909d82e8c04
tree91d0e0edf179f96dabcfd12ff01c12403c2eb096tree
parent8b3f8df76e5a91c99ce816ed166cfbdf5e35c427commit | diff
package/libvncserver: fix CVE-2018-20750

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability
in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libvncserver/0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch [new file with mode: 0644] blob
package/libvncserver/libvncserver.mk diff | blob | history