Ubuntu
libvncserver package

Branches for Precise

Name Status Last Modified Last Commit
lp:ubuntu/precise/libvncserver 2 Mature 2012-01-07 11:09:23 UTC
16. * Merge from Debian testing, remainin...

Author: Felix Geyer
Revision Date: 2012-01-07 11:09:23 UTC

* Merge from Debian testing, remaining changes:
  - Build with -O0 on ppc64 to work around a link failure.
lp:ubuntu/precise-security/libvncserver 2 Mature 2014-09-29 16:59:34 UTC
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-09-25 11:50:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow and lack of malloc error handling in
  MallocFrameBuffer()
  - debian/patches/CVE-2014-6051-6052.patch: check size and handle
    return code in libvncclient/vncviewer.c, handle return code in
    libvncclient/rfbproto.c.
  - CVE-2014-6051
  - CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
  - debian/patches/CVE-2014-6053.patch: check malloc result in
    libvncserver/rfbserver.c.
  - CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
  - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
    libvncserver/rfbserver.c, check for integer overflow in
    libvncserver/scale.c.
  - CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
  stack overflows in File Transfer feature
  - debian/patches/CVE-2014-6055.patch: check sizes in
    libvncserver/rfbserver.c.
  - CVE-2014-6055
lp:ubuntu/precise-updates/libvncserver 2 Mature 2014-09-29 17:35:05 UTC
17. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-09-25 11:50:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow and lack of malloc error handling in
  MallocFrameBuffer()
  - debian/patches/CVE-2014-6051-6052.patch: check size and handle
    return code in libvncclient/vncviewer.c, handle return code in
    libvncclient/rfbproto.c.
  - CVE-2014-6051
  - CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
  - debian/patches/CVE-2014-6053.patch: check malloc result in
    libvncserver/rfbserver.c.
  - CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
  - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
    libvncserver/rfbserver.c, check for integer overflow in
    libvncserver/scale.c.
  - CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
  stack overflows in File Transfer feature
  - debian/patches/CVE-2014-6055.patch: check sizes in
    libvncserver/rfbserver.c.
  - CVE-2014-6055
13 of 3 results FirstPreviousNextLast