Univention Bugzilla – Full Text Bug Listing
Summary: | libvncserver: Multiple issues (4.2) | | |
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | | |
Priority: | P3 | | |
Version: | UCS 4.2 | | |
Target Milestone: | UCS 4.2-5-errata | | |
Hardware: | All | | |
OS: | Linux | | |
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | | Enterprise Customer affected?: | |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | | Bug group (optional): | |
Max CVSS v3 score: | 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | | |
Description
Quality Assurance
2019-01-03 08:21:03 CET
--- mirror/ftp/4.2/unmaintained/4.2-5/source/libvncserver_0.9.9+dfsg2-6.1+deb8u3.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libvncserver_0.9.9+dfsg2-6.1+deb8u4.dsc @@ -1,3 +1,18 @@ +0.9.9+dfsg2-6.1+deb8u4 [Sun, 23 Dec 2018 16:21:23 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * CVE-2018-15127: heap out-of-bound write vulnerability (Closes: #916941) + * CVE-2018-20019: multiple heap out-of-bound write vulnerabilities + * CVE-2018-20020: heap out-of-bound write vulnerability inside structure + in VNC client code + * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code. + * CVE-2018-20022: CWE-665: Improper Initialization vulnerability + * CVE-2018-20023:Improper Initialization vulnerability in VNC Repeater client + code + * CVE-2018-20024: null pointer dereference that can result DoS + * CVE-2018-6307: heap use-after-free vulnerability in server code of + file transfer extension + 0.9.9+dfsg2-6.1+deb8u3 [Tue, 05 Jun 2018 14:05:57 +0200] Markus Koschany <apo@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-5/#6773918246539366156> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] e8a01a1e23 Bug #48402: libvncserver 0.9.9+dfsg2-6.1+deb8u4 doc/errata/staging/libvncserver.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) |
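Review bot: In the added 0.9.9+dfsg2-6.1+deb8u4 changelog entry, only the CVE-2018-15127 line carries a bug reference (Closes: #916941); the other seven CVE lines name neither a bug nor a patch file, so the entry alone does not let a reader map each CVE to the change that fixes it. Consider adding the patch name or bug number per line. Two wording nits in the same entry: "CVE-2018-20023:Improper" is missing the space after the colon, and "can result DoS" should read "can result in DoS".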