[Git][security-tracker-team/security-tracker][master] Several tightvnc issues fixed in unstable

Salvatore Bonaccorso Sun, 22 Dec 2019 22:06:53 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7990e1f2 by Salvatore Bonaccorso at 2019-12-23T06:05:24Z
Several tightvnc issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18783,7 +18783,7 @@ CVE-2019-15681 (LibVNC commit before 
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
        [stretch] - libvncserver <no-dsa> (Minor issue)
        - italc <removed>
        [stretch] - italc <no-dsa> (Minor issue)
-       - tightvnc <unfixed>
+       - tightvnc 1:1.3.9-9.1
        [buster] - tightvnc <no-dsa> (Minor issue)
        [stretch] - tightvnc <no-dsa> (Minor issue)
        - vino <unfixed> (bug #945784)
@@ -18792,20 +18792,20 @@ CVE-2019-15681 (LibVNC commit before 
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a co
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
 CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference 
in Hand ...)
        {DLA-2045-1}
-       - tightvnc <unfixed> (unimportant; bug #945364)
+       - tightvnc 1:1.3.9-9.1 (unimportant; bug #945364)
        - italc <removed> (unimportant)
        - libvncserver <unfixed> (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: 
https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in 
Initiali ...)
        {DLA-2045-1}
-       - tightvnc <unfixed> (bug #945364)
+       - tightvnc 1:1.3.9-9.1 (bug #945364)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
        NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in 
rfbServe ...)
        {DLA-2045-1}
-       - tightvnc <unfixed> (bug #945364)
+       - tightvnc 1:1.3.9-9.1 (bug #945364)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
        NOTE: part of CVE-2018-20748/libvnvserver
@@ -42259,7 +42259,7 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, 
Stored XSS in user_view.php w
        NOT-FOR-US: Online Store System
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in 
Handle ...)
        {DLA-2045-1}
-       - tightvnc <unfixed> (bug #945364)
+       - tightvnc 1:1.3.9-9.1 (bug #945364)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: same as CVE-2018-20020/libvncserver
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky 
Internet Sec ...)
@@ -59241,7 +59241,7 @@ CVE-2018-20022 (LibVNC before 
2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc 1.0.29-5 (bug #945827)
-       - tightvnc <unfixed>
+       - tightvnc 1:1.3.9-9.1
        - veyon 4.1.4+repack1-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/252
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
@@ -59251,7 +59251,7 @@ CVE-2018-20021 (LibVNC before commit 
c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
        - libvncserver 0.9.11+dfsg-1.2 (bug #916941)
        - italc <removed>
        - ssvnc 1.0.29-5 (bug #945827)
-       - tightvnc <unfixed>
+       - tightvnc 1:1.3.9-9.1
        - veyon 4.1.4+repack1-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/251
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
@@ -97832,7 +97832,7 @@ CVE-2018-7225 (An issue was discovered in LibVNCServer 
through 0.9.11. rfbProces
        {DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
        - libvncserver 0.9.11+dfsg-1.1 (bug #894045)
        - italc <removed>
-       - tightvnc <unfixed>
+       - tightvnc 1:1.3.9-9.1
        - vino <unfixed> (bug #945784)
        NOTE: https://github.com/LibVNC/libvncserver/issues/218
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
@@ -235762,7 +235762,7 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage 
function in libvncserver/rfbser
        {DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
        - libvncserver 0.9.9+dfsg-6.1 (bug #762745)
        - italc 1:3.0.1+dfsg1-1
-       - tightvnc <unfixed>
+       - tightvnc 1:1.3.9-9.1
        - vino <unfixed> (bug #945784)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c 
in LibV ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7990e1f212b6b15e09d66daa6f6598b3e072b3a9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7990e1f212b6b15e09d66daa6f6598b3e072b3a9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Several tightvnc issues fixed in unstable

Reply via email to