Source: tigervnc
Version: 1.6.0+dfsg-4
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi,

the following vulnerability was published for tigervnc.

CVE-2014-8240[0]:
| Integer overflow in TigerVNC allows remote VNC servers to cause a
| denial of service (crash) and possibly execute arbitrary code via
| vectors related to screen size handling, which triggers a heap-based
| buffer overflow, a similar issue to CVE-2014-6051.

More details are in the Red Hat bug[1] which includes a patch[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8240
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8240
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1151307
[2] https://bugzilla.redhat.com/attachment.cgi?id=947578

Regards,
Salvatore
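
The bug class named in the CVE description (an integer overflow in a screen-size computation that leads to an undersized heap buffer) is illustrated below as an added example; it is not TigerVNC's code and not the Red Hat patch. The function names, the 16-bit dimension types and the MAX_DIM limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical policy limit on one screen dimension (assumption). */
#define MAX_DIM 16384u

/* Unchecked: the 32-bit product wraps for large dimensions, so a caller
 * would allocate far fewer bytes than it later writes pixel data into. */
uint32_t fb_size_unchecked(uint16_t w, uint16_t h, uint8_t bytes_pp)
{
    return (uint32_t)w * h * bytes_pp;
}

/* Checked: returns 0 and stores the byte count in *out on success,
 * -1 if a dimension is outside policy or the product would overflow. */
int fb_size_checked(uint16_t w, uint16_t h, uint8_t bytes_pp, size_t *out)
{
    if (w == 0 || h == 0 || bytes_pp == 0 || bytes_pp > 4)
        return -1;
    if (w > MAX_DIM || h > MAX_DIM)
        return -1;

    size_t pixels = (size_t)w * h;      /* bounded by MAX_DIM * MAX_DIM */
    if (pixels > SIZE_MAX / bytes_pp)   /* defensive: multiply cannot wrap */
        return -1;

    *out = pixels * bytes_pp;
    return 0;
}

/* Allocate a zeroed framebuffer only when the size passed validation.
 * Returns NULL on rejected dimensions or allocation failure. */
void *fb_alloc(uint16_t w, uint16_t h, uint8_t bytes_pp, size_t *size)
{
    if (fb_size_checked(w, h, bytes_pp, size) != 0)
        return NULL;
    return calloc(1, *size);
}
```

With a server-supplied size of 32768x32768 at 4 bytes per pixel, the unchecked product is exactly 2^32 and wraps to 0, while the checked path rejects the dimensions before any allocation happens.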