Package: libvncserver
Severity: important
Tags: security
Hi there,
the following vulnerabilities were published for libVNCserver:
CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
http://seclists.org/oss-sec/2014/q3/639
Please adjust the affected versions in the BTS as needed and clone this bug if
you are not going to fix all these problems together.
Regards, luciano
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
