Summary: | <net-libs/libvncserver-0.9.12-r3: memory leak allows attacker to read stack memory (CVE-2019-15681) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | alexander, proxy-maint |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/13509 https://github.com/gentoo/gentoo/pull/14490 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | net-libs/libvncserver-0.9.12-r3 |
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-10-31 16:49:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43

commit 5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43
Author: Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2019-10-31 18:41:58 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-11-01 14:10:59 +0000

net-libs/libvncserver: Add a bunch of upstream fixes

* fix CVE-2018-20750 (the fix for CVE-2018-15127 was incomplete)
* fix CVE-2019-15681
* fix libdir in pkgconfig files
* fix regression in Tight/Raw decoding

Bug: https://bugs.gentoo.org/699036
Closes: https://bugs.gentoo.org/676942
Closes: https://bugs.gentoo.org/691848
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/13509
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

.../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 ++++++++++++++
.../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 ++++++++
.../files/libvncserver-0.9.12-cmake-libdir.patch | 32 ++++++++--
...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ++++++++++++
.../libvncserver-0.9.12-pkgconfig-libdir.patch | 41 ++++++++++++
.../libvncserver/libvncserver-0.9.12-r3.ebuild | 73 ++++++++++++++++++++++
6 files changed, 255 insertions(+), 4 deletions(-)

Let's stabilize =net-libs/libvncserver-0.9.12-r3

Can somebody help with modifying keywords and package list?
sparc stable

amd64 stable

ppc64 stable

ppc stable

ia64 stable

x86 stable

arm64 stable

arm stable

commit 4eadcbe351d47b9e91bbcb525b0576f714ff360b
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Thu Nov 21 17:20:53 2019 +0100

net-libs/libvncserver: stable 0.9.12-r3 for hppa, bug #699036

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f025d1be661d04fc3c216735c5eea788abbe2c4e

commit f025d1be661d04fc3c216735c5eea788abbe2c4e
Author: Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-01-28 19:36:47 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-01-28 20:55:14 +0000

net-libs/libvncserver: Drop vulnerable version

Bug: https://bugs.gentoo.org/699036
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/14490
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

.../libvncserver/libvncserver-0.9.12-r2.ebuild | 69 ----------------------
1 file changed, 69 deletions(-)

Cleanup done.

Arches and Maintainer(s), Thank you for your work.