Package: tigervnc-viewer Version: 1.7.0+dfsg-1 Severity: normal Tags: upstream
The VNC viewer mistakenly handles certificate exceptions as certificate authorities. Thus, the owner of a certificate, for which an exception was added, can impersonate any VNC server. This is issue CVE-2020-26117. -- System Information: Debian Release: 10.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/16 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tigervnc-viewer depends on: ii libc6 2.28-10 ii libfltk-images1.3 1.3.4-9 ii libfltk1.3 1.3.4-9 ii libgcc1 1:8.3.0-6 ii libgnutls30 3.6.7-4+deb10u5 ii libjpeg62-turbo 1:1.5.2-2+b1 ii libstdc++6 8.3.0-6 ii libx11-6 2:1.6.7-1+deb10u1 ii libxext6 2:1.3.3-1+b2 ii libxrender1 1:0.9.10-1 ii zlib1g 1:1.2.11.dfsg-1 tigervnc-viewer recommends no packages. Versions of packages tigervnc-viewer suggests: ii tigervnc-common 1.10.1+dfsg-8~bpo10+1 -- no debconf information
