deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/libvncserver/libvncserver.hash
Fabrice Fontaine e1b60ef181 package/libvncserver: security bump to version 0.9.13 
- Drop all patches (already in version)
- Fix CVE-2018-21247: An issue was discovered in LibVNCServer before
  0.9.13. There is an information leak (of uninitialized memory contents)
  in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
- Fix CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before
  0.9.13 has a buffer overflow via a long socket filename.
- Fix CVE-2019-20840: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/ws_decode.c can lead to a crash because of
  unaligned accesses in hybiReadAndDecode.
- Fix CVE-2020-14396: An issue was discovered in LibVNCServer before
  0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
- Fix CVE-2020-14397: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- Fix CVE-2020-14398: An issue was discovered in LibVNCServer before
  0.9.13. An improperly closed TCP connection causes an infinite loop in
  libvncclient/sockets.c.
- Fix CVE-2020-14399: An issue was discovered in LibVNCServer before
  0.9.13. Byte-aligned data is accessed through uint32_t pointers in
  libvncclient/rfbproto.c.
- Fix CVE-2020-14400: An issue was discovered in LibVNCServer before
  0.9.13. Byte-aligned data is accessed through uint16_t pointers in
  libvncserver/translate.c.
- Fix CVE-2020-14401: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
- Fix CVE-2020-14402: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/corre.c allows out-of-bounds access via
  encodings.
- Fix CVE-2020-14403: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/hextile.c allows out-of-bounds access via
  encodings.
- Fix CVE-2020-14404: An issue was discovered in LibVNCServer before
  0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
- Fix CVE-2020-14405: An issue was discovered in LibVNCServer before
  0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-14 22:51:52 +02:00

4 lines
203 B
Plaintext
Raw Blame History

# Locally computed:
sha256 0ae5bb9175dc0a602fe85c1cf591ac47ee5247b87f2bf164c16b05f87cbfa81a LibVNCServer-0.9.13.tar.gz
sha256 4d23c8c814e5baf007d854f01d8502e77dc56a41144934e003fb32c4e052d20f COPYING
Reference in a new issue View git blame Copy permalink