[SECURITY] [DLA 2146-1] libvncserver security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2146-1] libvncserver security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Wed, 18 Mar 2020 01:13:31 +0530
Message-id: <[🔎] 86b7875d-69c3-c4a1-da49-805671437dc9@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libvncserver
Version        : 0.9.9+dfsg2-6.1+deb8u7
CVE ID         : CVE-2019-15690
Debian Bug     : 954163


In libvncserver, through libvncclient/cursor.c, there is a possibility
of a heap overflow, as reported by Pavel Cheremushkin.

For Debian 8 "Jessie", this problem has been fixed in version
0.9.9+dfsg2-6.1+deb8u7.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5xKFkACgkQgj6WdgbD
S5bDwxAAg9nrkT0BLeVDzDVkuGUu8nN0Tb5Mp+KYtxShN7bxcXbm+y52hyq6pnnH
vjysWhNWSp7Nhz5JckYmlATLUgX8cTA15Gzug7b73O6tnXzv69bYU8UKSLsHyQK4
qEy67Ee2/qCXM+OzVg2ui71Bo+aGXBa0uB4Xa5+nleA5BUa4cqTqZC68Amq1fQUr
zw9gjaNUUAoi0LZ5waOGuAGvQOAhbaKNh1gU7omLaTgBUY0+ZC5G5gviXjo8BEsL
MSRM/rx5Q3dFSypany/uYEt5rkncRgsMrVmLYQUtUeimP7fNJyQUaiiVG6M3zrBu
k/9S9QJ8UoXXacQrBoDw+uGo1VWssZAXBtcTNyLYQ+U+aFoLCPm7xfehP2qORRDM
9V71wTta6X0EvqlqGHLPp/JC9ytBbF9CwWb369vuJ0B3YuXOEs9Nr7EfQlBam6Uv
ZZ9i7Ebb3RWiplri4T05K7nkt+CLIFIdks2kki4Ap4ruFmGC0iK9q+bTXevxJGLP
upvpdIwpCFYFbIk1Yedx6GGk3gXWZUjPwCIXoZrENJl2MklvCbebSn1rLHjZ2Cx3
aKnH7GnJVvh2WuCEGqx+4WtAj5mG9+cBPLKEPrC5BCTmLlCy9nu2R8CmvwQq+69A
O2C0UqoSe3A2t1bQoWFFgakCf5XyGjasXf41Kq252WsWaazc/60=
=+9al
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2145-1] twisted security update
Next by Date: [SECURITY] [DLA 2147-1] gdal security update
Previous by thread: [SECURITY] [DLA 2145-1] twisted security update
Next by thread: [SECURITY] [DLA 2147-1] gdal security update
Index(es):
- Date
- Thread