summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Tsoy <alexander@tsoy.me>2019-10-31 21:41:58 +0300
committerJoonas Niilola <juippis@gentoo.org>2019-11-01 16:10:59 +0200
commit5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43 (patch)
treef865e9b4113dd62f602718e26ffbd53caa4d313e /net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch
parentdev-libs/libdivecomputer: update BDEPEND for -9999 live ebuild (diff)
downloadgentoo-5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43.tar.gz
gentoo-5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43.tar.bz2
gentoo-5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43.zip
net-libs/libvncserver: Add a bunch of upstream fixes
* fix CVE-2018-20750 (the fix for CVE-2018-15127 was incomplete) * fix CVE-2019-15681 * fix libdir in pkgconfig files * fix regression in Tight/Raw decoding Bug: https://bugs.gentoo.org/699036 Closes: https://bugs.gentoo.org/676942 Closes: https://bugs.gentoo.org/691848 Package-Manager: Portage-2.3.76, Repoman-2.3.16 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/13509 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch')
-rw-r--r--net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch
new file mode 100644
index 000000000000..301d1340d14c
--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch
@@ -0,0 +1,26 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH 48/51] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc89..310e548 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+ rfbServerCutTextMsg sct;
+ rfbClientIteratorPtr iterator;
+
++ memset((char *)&sct, 0, sizeof(sct));
++
+ iterator = rfbGetClientIterator(rfbScreen);
+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+ sct.type = rfbServerCutText;
+--
+2.23.0
+