Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package LibVNCServer for openSUSE:Factory checked in at 2022-09-09 18:22:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/LibVNCServer (Old)
 and /work/SRC/openSUSE:Factory/.LibVNCServer.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "LibVNCServer" Fri Sep 9 18:22:19 2022 rev:46 rq:1001885 version:0.9.13 Changes: -------- --- /work/SRC/openSUSE:Factory/LibVNCServer/LibVNCServer.changes 2021-09-21 21:13:10.350640660 +0200 +++ /work/SRC/openSUSE:Factory/.LibVNCServer.new.2083/LibVNCServer.changes 2022-09-09 18:22:23.700076282 +0200 @@ -1,0 +2,8 @@ +Thu Sep 8 08:26:25 UTC 2022 - [email protected] + +- security update +- added patches + fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() + + LibVNCServer-CVE-2020-29260.patch + +------------------------------------------------------------------- New: ---- LibVNCServer-CVE-2020-29260.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ LibVNCServer.spec ++++++ --- /var/tmp/diff_new_pack.TNEIAB/_old 2022-09-09 18:22:24.820079247 +0200 +++ /var/tmp/diff_new_pack.TNEIAB/_new 2022-09-09 18:22:24.824079258 +0200 @@ -1,7 +1,7 @@ # # spec file for package LibVNCServer # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,6 +38,8 @@ Patch13: 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch # PATCH-FIX-UPSTREAM Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718 Patch14: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch +# CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() +Patch15: LibVNCServer-CVE-2020-29260.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libavahi-devel ++++++ LibVNCServer-CVE-2020-29260.patch ++++++ diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c index d6b91f02b..0a1bdcf6a 100644 --- a/libvncclient/vncviewer.c +++ b/libvncclient/vncviewer.c 
@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) { client->clientData = next; } + free(client->vncRec); + if (client->sock != RFB_INVALID_SOCKET) rfbCloseSocket(client->sock); if (client->listenSock != RFB_INVALID_SOCKET)
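Review bot: In the LibVNCServer.spec hunk at @@ -38,6 +38,8 @@, Patch15 is declared but no hunk in this diff touches %prep, so confirm the spec applies patches automatically (for example via %autosetup or %autopatch); otherwise add a matching %patch line for it, or the fix ships in the source package without being built in. The comment above Patch15 also omits the PATCH-FIX-UPSTREAM tag that the Patch14 comment directly above it carries; adding it would keep the patch annotations consistent.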
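Review bot: In the libvncclient/vncviewer.c hunk, inside rfbClientCleanup(), free(client->vncRec) leaves client->vncRec dangling while the function goes on to close client->sock and client->listenSock; set client->vncRec = NULL right after the free so that a repeated cleanup or a later read of the field cannot turn into a double free or use-after-free. free() accepts NULL, so no guard is needed, but the hunk does not show where vncRec is allocated, so confirm it is always heap memory owned by the library and never a pointer supplied by the application.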
