[Git][security-tracker-team/security-tracker][master] data/CVE/list: Add italc to plenty CVEs filed against libvncserver. The iTALC...
Mike Gabriel
sunweaver at debian.org
Wed Oct 30 20:32:22 GMT 2019
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35f397e8 by Mike Gabriel at 2019-10-30T20:32:00Z
data/CVE/list: Add italc to plenty CVEs filed against libvncserver. The iTALC src:pkg ships and uses a bundled copy-of-code version of libvncserver and libvncclient.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8569,6 +8569,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access rea
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
{DLA-1977-1}
- libvncserver <unfixed> (bug #943793)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
- tightvnc <unfixed>
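Review bot: The added "- italc <removed>" line under CVE-2019-15681 does not say why italc is listed against a LibVNC issue; the reason (a bundled copy of libvncserver and libvncclient) exists only in the commit message. Add a NOTE line to the entry stating that italc embeds the library, so a reader of data/CVE/list can see the basis for the entry without digging through the history. The same applies to every italc line in this commit.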
@@ -48615,30 +48616,35 @@ CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 product
CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/254
NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-66 ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/252
NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/251
NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/250
NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
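Review bot: The six italc lines added here (CVE-2018-20024 through CVE-2018-20020) record only "<removed>", while each of these entries carries DSA-4383-1 and DLA-1617-1 for libvncserver in the stable and LTS releases. If any of those releases still ships italc, its triage is not captured by these lines. Add a per-release line ("[release] - italc ...") with a fixed version or a no-dsa decision where that applies, or state in a NOTE that no supported release contains the package.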
@@ -48646,6 +48652,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...)
{DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
+ - italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE: https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
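Review bot: Style point on placement in the CVE-2018-20748 entry: the new line sits between "- libvncserver 0.9.11+dfsg-1.3 (bug #920941)" and the "[stretch] - libvncserver <not-affected>" annotation that qualifies it. Move "- italc <removed>" below the [stretch] line so the release-specific annotation stays directly under its package line.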
@@ -48654,6 +48661,7 @@ CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write
CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/247
NOTE: https://github.com/LibVNC/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
@@ -65503,16 +65511,19 @@ CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earl
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...)
{DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
+ - italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...)
{DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
+ - italc <removed>
[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...)
{DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/243
NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
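Review bot: The italc status for CVE-2018-20750 and CVE-2018-20749 looks unverified against the bundled copy. The existing [stretch] lines treat both as not affecting code where the incomplete fix for CVE-2018-15127 was not applied, yet this hunk marks italc identically on all three entries. By that same reasoning a single bundled copy either lacks the CVE-2018-15127 fix (affected by CVE-2018-15127 only) or has it (affected by the two follow-ups only). Check which state the italc copy is in and mark the other entries accordingly, with the reason in parentheses as the libvncserver lines do.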
@@ -87080,6 +87091,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
{DSA-4221-1 DLA-1332-1}
- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/issues/218
NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
CVE-2018-7224
@@ -149758,11 +149770,13 @@ CVE-2016-9943
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
{DSA-3753-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850008)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/pull/137
NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...)
{DSA-3753-1 DLA-777-1}
- libvncserver 0.9.11+dfsg-1 (bug #850007)
+ - italc <removed>
NOTE: https://github.com/LibVNC/libvncserver/pull/137
NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
@@ -225039,6 +225053,7 @@ CVE-2014-6056
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
{DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
+ - italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
@@ -225046,6 +225061,7 @@ CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer featur
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
{DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
+ - italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
NOTE: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548 (required for sparc)
@@ -225054,10 +225070,12 @@ CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbser
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
{DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
+ - italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...)
{DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
+ - italc <removed>
NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in L ...)
{DSA-3081-1 DLA-197-1}
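Review bot: No italc line is visible for CVE-2014-6051, the last entry in this hunk, although it carries the same DSA-3081-1 and DLA-197-1 references as CVE-2014-6053 and CVE-2014-6052 just above and its description names vncviewer.c. Confirm whether the bundled copy in italc contains that file. If it does, add "- italc <removed>" there as well; if the entry was skipped on purpose, say so in the commit message.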
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35f397e8072896032b87814d4eca84193cb8405f