author | Leo <thinkabit.ukim@gmail.com> | 2019-11-01 20:35:27 -0300 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-11-03 22:00:08 +0000 |
commit | 3f0b215e21eca7395224b2eb4c9ef16ce7992771 (patch) | |
tree | 6140cdd4b57e070d6abeccc98fb2e7556597badb /main | |
parent | 0cb0e034871173f92fea3c60c471d5c4570db3c7 (diff) | |
main/libvncserver: fix CVE-2019-15681
ref #10924
Closes !1012
Diffstat (limited to 'main')
-rw-r--r-- | main/libvncserver/APKBUILD | 11 | ||||
-rw-r--r-- | main/libvncserver/CVE-2019-15681.patch | 23 |
2 files changed, 31 insertions, 3 deletions
diff --git a/main/libvncserver/APKBUILD b/main/libvncserver/APKBUILD
index 9483c6e658..1de5decbbc 100644
--- a/main/libvncserver/APKBUILD
+++ b/main/libvncserver/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libvncserver
 pkgver=0.9.11
-pkgrel=2
+pkgrel=3
 pkgdesc="Library to make writing a vnc server easy"
 url="http://libvncserver.sourceforge.net/"
 arch="all"
@@ -16,9 +16,13 @@ makedepends="$depends_dev autoconf automake libtool"
 install=""
 subpackages="$pkgname-dev"
 source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz
- CVE-2018-7225.patch"
+ CVE-2018-7225.patch
+ CVE-2019-15681.patch
+ "
 # secfixes:
+# 0.9.11-r3:
+# - CVE-2019-15681
 # 0.9.11-r2:
 # - CVE-2018-7225
 # 0.9.11-r0:
@@ -53,4 +57,5 @@ package() {
 }
 sha512sums="e473c081b68dd3cdd96a1756b4f4945ece79d3c8e4cef62140be1699671555fc16d3080e81d764197a14ea83203ffcd0e18c3cc182e012d036e3faae943003fb LibVNCServer-0.9.11.tar.gz
-1704254e74aa0adca48669c28ff475bf82a9468cf31edf43c3e0d10178307a7c8ecd8a8f11c061931318a6e529922d4adc188347da1e632dc2ade604a4388706 CVE-2018-7225.patch"
+1704254e74aa0adca48669c28ff475bf82a9468cf31edf43c3e0d10178307a7c8ecd8a8f11c061931318a6e529922d4adc188347da1e632dc2ade604a4388706 CVE-2018-7225.patch
+5ecb5a26813f3f07440ef6c54eebaca4e9b4f7c1cf2ba13375e3b23b950a9b818d068d4eef5532d7ea4d7ae084c4356af7257c45426101ff51afe2b7da338a1f CVE-2019-15681.patch"
diff --git a/main/libvncserver/CVE-2019-15681.patch b/main/libvncserver/CVE-2019-15681.patch
new file mode 100644
index 0000000000..e328d87920
--- /dev/null
+++ b/main/libvncserver/CVE-2019-15681.patch
@@ -0,0 +1,23 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+ rfbServerCutTextMsg sct;
+ rfbClientIteratorPtr iterator;
+
++ memset((char *)&sct, 0, sizeof(sct));
++
+ iterator = rfbGetClientIterator(rfbScreen);
+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+ sct.type = rfbServerCutText; |
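Review bot: The added `memset` in rfbSendServerCutText has no comment saying why the struct must be zeroed, so a later cleanup could drop it as redundant once it sees the loop assigning the message fields. I would put `/* sct goes on the wire as a whole; zero it so bytes no field assignment touches cannot carry stack contents */` above the call. The `(char *)` cast is unnecessary because memset takes a `void *`; `memset(&sct, 0, sizeof(sct));` reads more cleanly. Only the `sct.type` assignment is visible here, so which bytes stay unset is inferred from the patch subject, and the function body continues outside the hunk.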