[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20020/libvncserver

Wed Dec 19 20:45:34 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
014855d1 by Salvatore Bonaccorso at 2018-12-19T20:45:08Z
Add CVE-2018-20020/libvncserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3521,7 +3521,11 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
 CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
-	TODO: check
+	- libvncserver <unfixed>
+	NOTE: https://github.com/LibVNC/libvncserver/issues/250
+	NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
+	NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
+	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
 CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
 	TODO: check
 CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/014855d121b821dee0036db1e88d8b616a2eb7c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/014855d121b821dee0036db1e88d8b616a2eb7c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181219/eec718a2/attachment.html>
