------------------------------------------------------------------- Tue Nov 24 12:21:34 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS + LibVNCServer-CVE-2020-25708.patch ------------------------------------------------------------------- Thu Jul 9 13:21:14 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch ------------------------------------------------------------------- Wed Jul 8 07:55:28 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch ------------------------------------------------------------------- Tue Apr 28 06:39:32 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2019-15690 [bsc#1160471], heap buffer overflow + LibVNCServer-CVE-2019-15690.patch fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value + LibVNCServer-CVE-2019-20788.patch ------------------------------------------------------------------- Mon Nov 4 13:07:47 UTC 2019 - pgajdos@suse.com - security update - added patches CVE-2019-15681 [bsc#1155419] + LibVNCServer-CVE-2019-15681.patch - note the correct way how to run the testsuite, it does not seem to be usable as it is, though (segfaults) ------------------------------------------------------------------- Tue Feb 5 14:04:35 UTC 2019 - Petr Gajdos - security update * CVE-2018-20749 [bsc#1123828] + LibVNCServer-CVE-2018-20749.patch * CVE-2018-20750 [bsc#1123832] + LibVNCServer-CVE-2018-20750.patch * CVE-2018-20748 [bsc#1123823] + LibVNCServer-CVE-2018-20748.patch ------------------------------------------------------------------- Thu Jan 3 11:18:40 UTC 2019 - Petr Gajdos - security update * CVE-2018-15126 [bsc#1120114] + LibVNCServer-CVE-2018-15126.patch * CVE-2018-6307 [bsc#1120115] + LibVNCServer-CVE-2018-6307.patch * CVE-2018-20020 [bsc#1120116] + LibVNCServer-CVE-2018-20020.patch * CVE-2018-15127 [bsc#1120117] + LibVNCServer-CVE-2018-15127.patch * CVE-2018-20019 [bsc#1120118] + LibVNCServer-CVE-2018-20019.patch * CVE-2018-20022 [bsc#1120120] + LibVNCServer-CVE-2018-20022.patch * CVE-2018-20024 [bsc#1120121] + LibVNCServer-CVE-2018-20024.patch * CVE-2018-20021 [bsc#1120122] + LibVNCServer-CVE-2018-20021.patch ------------------------------------------------------------------- Mon Mar 19 17:57:55 UTC 2018 - pgajdos@suse.com - security update * CVE-2018-7225 [bsc#1081493] + LibVNCServer-CVE-2018-7225.patch ------------------------------------------------------------------- Tue Jan 3 15:31:41 UTC 2017 - pgajdos@suse.com - security update: * CVE-2016-9941 [bsc#1017711] + LibVNCServer-CVE-2016-9941.patch * CVE-2016-9942 [bsc#1017712] + LibVNCServer-CVE-2016-9942.patc ------------------------------------------------------------------- Thu Nov 12 18:06:21 UTC 2015 - max@suse.com - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. ------------------------------------------------------------------- Mon Oct 27 15:36:23 CET 2008 - garloff@suse.de - fix-warn.diff: Avoid pointer > 0 comparison (bnc 435610) ------------------------------------------------------------------- Mon Feb 25 07:27:32 CET 2008 - crrodriguez@suse.de - fix library-without-ldconfig-post* errors - devel package requires zlib-devel ------------------------------------------------------------------- Thu Oct 11 15:46:54 CEST 2007 - sbrabec@suse.cz - Use binding specific avahi package. ------------------------------------------------------------------- Tue Jul 17 01:16:12 CEST 2007 - garloff@suse.de - Split LibVNCServer into itself, -devel and x11vnc. - Update to LibVNCserver-0.9.1. - Drop patches that have been integrated upstream. ------------------------------------------------------------------- Wed Apr 11 10:40:20 CEST 2007 - stbinner@suse.de - fix misplaced guards in rfb.h ------------------------------------------------------------------- Thu Mar 15 17:14:53 MDT 2007 - ccoffing@novell.com - Fix incorrect usage of condition variables, which was causing a crash during heavy updates. (#246100) ------------------------------------------------------------------- Fri Jul 28 19:14:22 CEST 2006 - garloff@suse.de - Update to version 0.8.2: * Support for VNC protocol version 3.8. * Many UltraVNC encodings and features added: FileTransfer, SetSingleWindow, ServerInput, TextChat, UltraZip, etc. * Support for PalmVNC and UltraVNC style 1/n server-side scaling. * Improved Statistics reporting. * KeyboardLedState encoding. * LibVNCClient and x11vnc enhancements. * Many bugs and leaks fixed. * CVE-2006-2450 fix is already included, drop patch. - Use -allinput in x11vnc_ssh script. ------------------------------------------------------------------- Mon Jun 19 12:59:00 CEST 2006 - garloff@suse.de - Update to version 0.8. - Enable -fstack-protector for auth relevant files. - Fix some compiler warnings. - Disallow NoneAuth if password is set (#184418, CVE-2006-2450). ------------------------------------------------------------------- Fri Feb 24 22:51:21 CET 2006 - garloff@suse.de - Optimize event loop in LibVNCserver (from intel for Xen). ------------------------------------------------------------------- Wed Jan 25 21:33:41 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Dec 30 20:45:29 CET 2005 - garloff@suse.de - Don't enable -threads by default; it's performance is nice, but the stability is not that great. - Include x11vnc_ssh in distribution. ------------------------------------------------------------------- Thu Dec 22 18:55:29 CET 2005 - garloff@suse.de - Workaround for -thread mode: Wait for a client being fully authenticated before sending data. ------------------------------------------------------------------- Wed Dec 21 15:27:36 CET 2005 - garloff@suse.de - Update to LibVNCServer-0.7.99 - Fix compiler detected bugs (uninitialized var, buffer overflow). - Package documentation. ------------------------------------------------------------------- Tue Dec 20 11:52:22 CET 2005 - ro@suse.de - do not try to detect LINUX by presence of /dev/vcsa1 ------------------------------------------------------------------- Sun Aug 21 03:27:19 CEST 2005 - garloff@suse.de - Initial creation of package LibVNCServer-0.7.1. -------------------------------------------------------------------