Overview
Request 762160 accepted
- TigerVNC security fix:
0001-Make-ZlibInStream-more-robust-against-failures.patch
0002-Encapsulate-PixelBuffer-internal-details.patch
0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
0004-Add-write-protection-to-OffsetPixelBuffer.patch
0005-Handle-empty-Tight-gradient-rects.patch
0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
0007-Fix-depth-sanity-test-in-PixelFormat.patch
0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
0009-Remove-unused-FixedMemOutStream.patch
0010-Use-size_t-for-lengths-in-stream-objects.patch
0011-Be-defensive-about-overflows-in-stream-objects.patch
0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap
buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead
to heap buffer overflow (CVE-2019-15694, bsc#1160251
* stack buffer overflow, which could be triggered from
CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860)
Request History
sndirsch created request
- TigerVNC security fix:
0001-Make-ZlibInStream-more-robust-against-failures.patch
0002-Encapsulate-PixelBuffer-internal-details.patch
0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch
0004-Add-write-protection-to-OffsetPixelBuffer.patch
0005-Handle-empty-Tight-gradient-rects.patch
0006-Add-unit-test-for-PixelFormat-sanity-checks.patch
0007-Fix-depth-sanity-test-in-PixelFormat.patch
0008-Add-sanity-checks-for-PixelFormat-shift-values.patch
0009-Remove-unused-FixedMemOutStream.patch
0010-Use-size_t-for-lengths-in-stream-objects.patch
0011-Be-defensive-about-overflows-in-stream-objects.patch
0012-Add-unit-tests-for-PixelFormat.is888-detection.patch
0013-Handle-pixel-formats-with-odd-shift-values.patch
* stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691, bsc#1159856)
* improper value checks in CopyRectDecode may lead to heap
buffer overflow (CVE-2019-15692, bsc#1160250)
* heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693, bsc#1159858)
* improper error handling in processing MemOutStream may lead
to heap buffer overflow (CVE-2019-15694, bsc#1160251
* stack buffer overflow, which could be triggered from
CMsgReader::readSetCurso (CVE-2019-15695, bsc#1159860)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
namtrac accepted review
dimstar_suse set openSUSE:Factory:Staging:I as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:I"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:I"
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:I got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:I got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:I got accepted.
