projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53f92e6) | patch
package/libvncserver: security bump to version 0.9.13
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 25 Jun 2020 22:00:58 +0000 (00:00 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 14 Jul 2020 20:51:52 +0000 (22:51 +0200)
commite1b60ef18142e19cda12feae9c396f0947c9e68c
treeeac5507da8087458c8401e6816a5f5d43320a649tree
parent53f92e65edf10831a65d8ad4f6403552b564c06dcommit | diff
package/libvncserver: security bump to version 0.9.13

- Drop all patches (already in version)
- Fix CVE-2018-21247: An issue was discovered in LibVNCServer before
  0.9.13. There is an information leak (of uninitialized memory contents)
  in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
- Fix CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before
  0.9.13 has a buffer overflow via a long socket filename.
- Fix CVE-2019-20840: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/ws_decode.c can lead to a crash because of
  unaligned accesses in hybiReadAndDecode.
- Fix CVE-2020-14396: An issue was discovered in LibVNCServer before
  0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
- Fix CVE-2020-14397: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- Fix CVE-2020-14398: An issue was discovered in LibVNCServer before
  0.9.13. An improperly closed TCP connection causes an infinite loop in
  libvncclient/sockets.c.
- Fix CVE-2020-14399: An issue was discovered in LibVNCServer before
  0.9.13. Byte-aligned data is accessed through uint32_t pointers in
  libvncclient/rfbproto.c.
- Fix CVE-2020-14400: An issue was discovered in LibVNCServer before
  0.9.13. Byte-aligned data is accessed through uint16_t pointers in
  libvncserver/translate.c.
- Fix CVE-2020-14401: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
- Fix CVE-2020-14402: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/corre.c allows out-of-bounds access via
  encodings.
- Fix CVE-2020-14403: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/hextile.c allows out-of-bounds access via
  encodings.
- Fix CVE-2020-14404: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
- Fix CVE-2020-14405: An issue was discovered in LibVNCServer before
  0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libvncserver/0001-CMakeLists.txt-fix-build-without-C.patch [deleted file] blob | history
package/libvncserver/0002-libvnc-client-server-.pc.cmakein-remove-zlib.patch [deleted file] blob | history
package/libvncserver/0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch [deleted file] blob | history
package/libvncserver/0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch [deleted file] blob | history
package/libvncserver/0005-CMakeLists.txt-don-t-build-tight.c-without-png-or-zl.patch [deleted file] blob | history
package/libvncserver/0006-libvncclient-cursor-limit-width-height-input-values.patch [deleted file] blob | history
package/libvncserver/libvncserver.hash diff | blob | history
package/libvncserver/libvncserver.mk diff | blob | history