Debian Patches

Status for ssvnc/1.0.29-6

Patch Description Author Forwarded Bugs Origin Last update
confusing_-h.patch Improve handling of -h[e[l[p]]] Catches -he and -hel as well, instead of letting wish print its usage
message (that sounds like an error message).
Magnus Holmgren <> no debian
ultraftp_path.patch Use hardcoded (and correct for the Debian package) path to ultraftp.jar if SSVNC_ULTRA_FTP_JAR is unset. Magnus Holmgren <> no
nostrip.patch Don't strip ssvncviewer; let dh_strip handle that (or not, depending on build options) no
buildflags.patch Pass CFLAGS and LDFLAGS to xmkmf-generated Makefiles Pass CFLAGS and LDFLAGS through via ./Makefile as
CDEBUGFLAGS and LOCAL_LDFLAGS to vnc_unixsrc/*/Makefile
Magnus Holmgren <> no
format-security.patch Fix format-security warnings/errors Replaces fprintf(stderr, str) with fputs(str, stderr) (where str in
most cases is argv[0]) and also one instance of sprintf (without
format string) with snprintf (with format string).
Magnus Holmgren <> no
openssl1.1.patch no
auto-scale.patch Make autoscaling work. 1) Add a StructureNotifyMask event handler to be notified of windows resizings,
rather than checking for size changes twice every second in the Expose handler.
Using the size of "form" seems to work best. Skip checking for pressed mouse
buttons - those shouldn't matter in this situation, and the old code aborted
if modifier keys were pressed or Caps Lock or Num Lock active.
2) Avoid freaking out if the windows haven't been realized yet -
instead use scale factor 1. This prevented setting -scale auto
on the command line from working.
yes debian upstream
samemachine_ip6_overflow.patch Use a struct sockaddr_storage to retrieve local and peer addresses and compare according to address family. Also check if -rawlocal was specified before even checking whether the remote machine is the local one. no debian
libvncclient_CVE-2018-20020.patch CVE-2018-20020 heap out-of-bound write vulnerability inside structure in VNC client code that
can result remote code execution
libvncclient_CVE-2018-20021.patch CVE-2018-20021 CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows
attacker to consume excessive amount of resources like CPU and RAM
libvncclient_CVE-2018-20022.patch CVE-2018-20022 multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC
client code that allows attacker to read stack memory and can be abuse for
information disclosure. Combined with another vulnerability, it can be used
to leak stack memory layout and in bypassing ASLR
libvncclient_CVE-2018-20024.patch CVE-2018-20024 null pointer dereference in VNC client code that can result DoS. no
no-xmkmf.patch Replace Imake Makefiles with simple makefiles.
Helmut Grohne <> no debian
sendclipboard-fix.patch Make sure that -sendclipboard actually uses the clipboard
diff --git a/vnc_unixsrc/vncviewer/selection.c b/vnc_unixsrc/vncviewer/selection.c
index 48b0a98..beb6916 100644
OmegaPhil <> no debian

All known versions for source package 'ssvnc'