Attachment 175489 Details for Bug 212380 – Add multiple vulns entry for libvncserver

[patch] Add multiple vulns entry for libvncserver

file_212380.txt (text/plain), 1.73 KB, created by VK on 2016-10-07 11:32:12 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: VK

Created: 2016-10-07 11:32:12 UTC

Size: 1.73 KB

patch

obsolete

>Index: security/vuxml/vuln.xml
>===================================================================
>--- security/vuxml/vuln.xml (revision 423460)
>+++ security/vuxml/vuln.xml (working copy)
>@@ -58,6 +58,40 @@
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="cb3f036d-8c7f-11e6-924a-60a44ce6887b">
>+ <topic>libvncserver -- multiple security vulnerabilities</topic>
>+ <affects>
>+ <package>
>+ <name>libvncserver</name>
>+ <range><lt>0.9.10</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+ Nicolas Ruff reports:
>+ <blockquote cite="http://seclists.org/oss-sec/2014/q3/639">
>+ Integer overflow in MallocFrameBuffer() on client side.
>+ Lack of malloc() return value checking on client side.
>+ Server crash on a very large ClientCutText message.
>+ Server crash when scaling factor is set to zero.
>+ Multiple stack overflows in File Transfer feature.
>+ </blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <url>http://seclists.org/oss-sec/2014/q3/639</url>
>+ <cvename>CVE-2014-6051</cvename>
>+ <cvename>CVE-2014-6052</cvename>
>+ <cvename>CVE-2014-6053</cvename>
>+ <cvename>CVE-2014-6054</cvename>
>+ <cvename>CVE-2014-6055</cvename>
>+ </references>
>+ <dates>
>+ <discovery>2014-09-23</discovery>
>+ <entry>2016-10-07</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="c8d902b1-8550-11e6-81e7-d050996490d0">
> <topic>BIND -- Remote Denial of Service vulnerability</topic>
> <affects>

Actions: View | Diff

Attachments on bug 212380: 175489