Bug#987564: NMU: CVE-2020-25708 - Fix possible divide-by-zero.

[Philip Wyett]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

Sorry, no bug associated here, was confused how to subject the mail. Guidance 
for the future would
be appreciated.

I would like to do an NMU for CVE-2020-25708[1].

This seems to have been waiting a while and is fixed already in bullseye/sid 
and stretch. Because
of this I feel it can just go into the next point release if approved.

This update has been done during and part of this weekends 
bsp-2021-04-at-salzburg.

Note: I am not a DM or DD and this will require a sponsor to upload if approved.

[1] https://security-tracker.debian.org/tracker/CVE-2020-25708

Regards

Phil

-- 
*** Playing the game for the games own sake. ***

WWW: https://kathenas.org

Twitter: @kathenasorg

Instagram: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B

diff -Nru libvncserver-0.9.11+dfsg/debian/changelog libvncserver-0.9.11+dfsg/debian/changelog
--- libvncserver-0.9.11+dfsg/debian/changelog	2020-08-28 22:40:37.000000000 +0100
+++ libvncserver-0.9.11+dfsg/debian/changelog	2021-04-25 17:01:53.000000000 +0100
@@ -1,3 +1,10 @@
+libvncserver (0.9.11+dfsg-1.3+deb10u5) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2020-25708: libvncserver: fix possible divide-by-zero.
+
+ -- Phil Wyett <philip.wy...@kathenas.org>  Sun, 25 Apr 2021 17:01:53 +0100
+
 libvncserver (0.9.11+dfsg-1.3+deb10u4) buster; urgency=medium
 
   * CVE-2019-20839: libvncclient: bail out if unix socket name would overflow.
diff -Nru libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch
--- libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch	2021-04-25 17:01:53.000000000 +0100
@@ -0,0 +1,14 @@
+Index: libvncserver-0.9.11+dfsg/libvncserver/rfbserver.c
+===================================================================
+--- libvncserver-0.9.11+dfsg.orig/libvncserver/rfbserver.c
++++ libvncserver-0.9.11+dfsg/libvncserver/rfbserver.c
+@@ -3294,6 +3294,9 @@ rfbSendRectEncodingRaw(rfbClientPtr cl,
+     char *fbptr = (cl->scaledScreen->frameBuffer + (cl->scaledScreen->paddedWidthInBytes * y)
+                    + (x * (cl->scaledScreen->bitsPerPixel / 8)));
+
++    if(!h || !w)
++    	return TRUE; /* nothing to send */
++
+     /* Flush the buffer to guarantee correct alignment for translateFn(). */
+     if (cl->ublen > 0) {
+         if (!rfbSendUpdateBuf(cl))
diff -Nru libvncserver-0.9.11+dfsg/debian/patches/series libvncserver-0.9.11+dfsg/debian/patches/series
--- libvncserver-0.9.11+dfsg/debian/patches/series	2020-08-28 22:40:19.000000000 +0100
+++ libvncserver-0.9.11+dfsg/debian/patches/series	2021-04-25 17:01:53.000000000 +0100
@@ -37,3 +37,4 @@
 CVE-2020-14401.patch
 CVE-2020-14402+14403+14404.patch
 CVE-2020-14405.patch
+CVE-2020-25708.patch

signature.asc
Description: This is a digitally signed message part