[Git][security-tracker-team/security-tracker][master] Several tightvnc issues fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Mon Dec 23 06:06:00 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7990e1f2 by Salvatore Bonaccorso at 2019-12-23T06:05:24Z
Several tightvnc issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18783,7 +18783,7 @@ CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
 	[stretch] - libvncserver <no-dsa> (Minor issue)
 	- italc <removed>
 	[stretch] - italc <no-dsa> (Minor issue)
-	- tightvnc <unfixed>
+	- tightvnc 1:1.3.9-9.1
 	[buster] - tightvnc <no-dsa> (Minor issue)
 	[stretch] - tightvnc <no-dsa> (Minor issue)
 	- vino <unfixed> (bug #945784)
@@ -18792,20 +18792,20 @@ CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
 	NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
 CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
 	{DLA-2045-1}
-	- tightvnc <unfixed> (unimportant; bug #945364)
+	- tightvnc 1:1.3.9-9.1 (unimportant; bug #945364)
 	- italc <removed> (unimportant)
 	- libvncserver <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...)
 	{DLA-2045-1}
-	- tightvnc <unfixed> (bug #945364)
+	- tightvnc 1:1.3.9-9.1 (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
 	NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...)
 	{DLA-2045-1}
-	- tightvnc <unfixed> (bug #945364)
+	- tightvnc 1:1.3.9-9.1 (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
 	NOTE: part of CVE-2018-20748/libvnvserver
@@ -42259,7 +42259,7 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php w
 	NOT-FOR-US: Online Store System
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...)
 	{DLA-2045-1}
-	- tightvnc <unfixed> (bug #945364)
+	- tightvnc 1:1.3.9-9.1 (bug #945364)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
 	NOTE: same as CVE-2018-20020/libvncserver
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
@@ -59241,7 +59241,7 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
 	- ssvnc 1.0.29-5 (bug #945827)
-	- tightvnc <unfixed>
+	- tightvnc 1:1.3.9-9.1
 	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/252
 	NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
@@ -59251,7 +59251,7 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
 	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
 	- italc <removed>
 	- ssvnc 1.0.29-5 (bug #945827)
-	- tightvnc <unfixed>
+	- tightvnc 1:1.3.9-9.1
 	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/251
 	NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
@@ -97832,7 +97832,7 @@ CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProces
 	{DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
 	- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
 	- italc <removed>
-	- tightvnc <unfixed>
+	- tightvnc 1:1.3.9-9.1
 	- vino <unfixed> (bug #945784)
 	NOTE: https://github.com/LibVNC/libvncserver/issues/218
 	NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
@@ -235762,7 +235762,7 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
 	{DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
 	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
 	- italc 1:3.0.1+dfsg1-1
-	- tightvnc <unfixed>
+	- tightvnc 1:1.3.9-9.1
 	- vino <unfixed> (bug #945784)
 	NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7990e1f212b6b15e09d66daa6f6598b3e072b3a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7990e1f212b6b15e09d66daa6f6598b3e072b3a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191223/8740735f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list