diff options
author | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2020-01-20 23:43:18 +0100 |
---|---|---|
committer | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2020-01-22 12:43:49 +0100 |
commit | a789f654a0f370720b2c6b7856b9971dcc1d5eb1 (patch) | |
tree | 1ff81707588fcaab485ea1acb003e4a6fc9237bf /gnu/packages/patches/libvnc-CVE-2019-15681.patch | |
parent | 94c7ef932a5857020c2a5349ff1970b1809a080e (diff) | |
download | guix-a789f654a0f370720b2c6b7856b9971dcc1d5eb1.tar.gz |
gnu: Add libvnc.
* gnu/packages/vnc.scm (libvnc): New variable. gnu/packages/patches/libvnc-CVE-2018-20750.patch, gnu/packages/patches/libvnc-CVE-2019-15681.patch: New files. * gnu/local.mk: Add them.
Diffstat (limited to 'gnu/packages/patches/libvnc-CVE-2019-15681.patch')
-rw-r--r-- | gnu/packages/patches/libvnc-CVE-2019-15681.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch b/gnu/packages/patches/libvnc-CVE-2019-15681.patch new file mode 100644 index 0000000000..e328d87920 --- /dev/null +++ b/gnu/packages/patches/libvnc-CVE-2019-15681.patch @@ -0,0 +1,23 @@ +From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001 +From: Christian Beier <dontmind@freeshell.org> +Date: Mon, 19 Aug 2019 22:32:25 +0200 +Subject: [PATCH] rfbserver: don't leak stack memory to the remote + +Thanks go to Pavel Cheremushkin of Kaspersky for reporting. +--- + libvncserver/rfbserver.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c +index 3bacc891..310e5487 100644 +--- a/libvncserver/rfbserver.c ++++ b/libvncserver/rfbserver.c +@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) + rfbServerCutTextMsg sct; + rfbClientIteratorPtr iterator; + ++ memset((char *)&sct, 0, sizeof(sct)); ++ + iterator = rfbGetClientIterator(rfbScreen); + while ((cl = rfbClientIteratorNext(iterator)) != NULL) { + sct.type = rfbServerCutText; |