[Git][security-tracker-team/security-tracker][master] 4 commits: data/CVE/list: tightvnc is affected by CVE-2014-6053, too.

Mike Gabriel sunweaver at debian.org
Fri Dec 20 21:37:24 GMT 2019



Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b493bf6b by Mike Gabriel at 2019-12-20T21:36:58Z
data/CVE/list: tightvnc is affected by CVE-2014-6053, too.

- - - - -
372c248d by Mike Gabriel at 2019-12-20T21:36:59Z
data/CVE/list: Drop tightvnc from CVE-2018-20020, covered for tightvnc specifically by CVE-2019-8287

- - - - -
092537f1 by Mike Gabriel at 2019-12-20T21:37:00Z
data/CVE/list: identify CVE-2019-8287/tightvnc as identical to CVE-2018-20020/libvncserver

- - - - -
140b395d by Mike Gabriel at 2019-12-20T21:37:00Z
data/CVE/list: Add patches to CVE-2019-156{78,79,80}.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18753,12 +18753,17 @@ CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
 CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
+	NOTE: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...)
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
+	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
+	NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...)
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
+	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
+	NOTE: part of CVE-2018-20748/libvnvserver
 CVE-2019-15677
 	RESERVED
 CVE-2019-15676
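Review bot: the NOTE added under CVE-2019-15678 spells the package "libvnvserver". It should read "part of CVE-2018-20748/libvncserver", matching the note under CVE-2019-15679, otherwise a text search for the package name misses this entry. Separately, the patch link added for CVE-2019-15680 points at sunweaver/libvncserver while the other two point at LibVNC/libvncserver. If that commit is merged upstream, link the upstream commit; if it is not, say so in a NOTE so readers know it is a proposed fix.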
@@ -42197,6 +42202,7 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php w
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...)
 	- tightvnc <unfixed> (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
+	NOTE: same as CVE-2018-20020/libvncserver
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
 	NOT-FOR-US: Kaspersky
 CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...)
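Review bot: the CVE-2019-8287 entry gets only "same as CVE-2018-20020/libvncserver" and no patch link, unlike the three CVE-2019-156{78,79,80} entries touched in the same push. Consider repeating the fix-commit NOTE lines from CVE-2018-20020 here so whoever works on tightvnc (bug #945364) does not have to follow the cross-reference to find the patch.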
@@ -59192,12 +59198,12 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
 	- ssvnc 1.0.29-5 (bug #945827)
-	- tightvnc <unfixed>
 	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/250
 	NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
 	NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
+	NOTE: same as CVE-2019-8287/tightvnc
 CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...)
 	{DLA-1979-1 DLA-1652-1}
 	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
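Review bot: with "- tightvnc <unfixed>" removed from CVE-2018-20020, the only remaining hint here that tightvnc carries the same bug is the new "same as CVE-2019-8287/tightvnc" note. Wording the note so it states that tightvnc is tracked under CVE-2019-8287 would make it less likely that someone re-adds the package line to this entry later.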
@@ -235682,6 +235688,7 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
 	{DSA-3081-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
 	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
 	- italc 1:3.0.1+dfsg1-1
+	- tightvnc <unfixed>
 	- vino <unfixed> (bug #945784)
 	NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...)
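Review bot: the added "- tightvnc <unfixed>" under CVE-2014-6053 carries no bug reference, while the vino line next to it has (bug #945784) and the other tightvnc entries in this push use (bug #945364). Add a bug number, and a NOTE on how tightvnc was found to be affected, since the only patch link on this entry is a libvncserver commit.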



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e7dfa1ea85abc9b4cef1d2dce4d8c2d9fa8daac2...140b395d905bab492771c8bf6744e44fe8366b3c
