Univention Bugzilla – Bug 52366
libvncserver: Multiple issues (4.4)
Last modified: 2020-11-18 16:44:03 CET
New Debian libvncserver 0.9.11+dfsg-1.3~deb9u6 fixes:

This update addresses the following issue:
* libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/libvncserver_0.9.11+dfsg-1.3~deb9u5.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/libvncserver_0.9.11+dfsg-1.3~deb9u6.dsc @@ -1,3 +1,9 @@ +0.9.11+dfsg-1.3~deb9u6 [Sun, 15 Nov 2020 16:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-25708 + fix for a divide by zero which could result in DoS + 0.9.11+dfsg-1.3~deb9u5 [Fri, 28 Aug 2020 21:22:58 +0200] Mike Gabriel <sunweaver@debian.org>: * CVE-2019-20839: libvncclient: bail out if unix socket name would overflow. <http://10.200.17.11/4.4-6/#413696957005124880>
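Review bot: the added deb9u6 changelog entry for CVE-2020-25708 reads only "fix for a divide by zero which could result in DoS" and does not say where the fault is, while the deb9u5 entry in the context lines names both the component and the condition ("libvncclient: bail out if unix socket name would overflow"). Suggest naming the affected component in the new entry in the same way, so the erratum can be matched to the code change without consulting the CVE record.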
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] 96cf8bda8d Bug #52366: libvncserver 0.9.11+dfsg-1.3~deb9u6
 doc/errata/staging/libvncserver.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x807>