Package: xvnc4viewer
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for vnc4.

CVE-2008-4770[0]:
| The CMsgReader::readRect function in the VNC Viewer component in
| RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
| through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote
| VNC servers to execute arbitrary code via crafted RFB protocol data,
| related to "encoding type."

The upstream patch[1] can be found in the redhat bugreport[2].

For lenny, this could be fixed via migration from unstable. Please CC secure-testing-t...@lists.alioth.debian.org when you email the release team and ask for the unblock, so we are kept in the loop. I guess the issue is also severe enough to warrant a DSA update. I haven't tried to exploit it yet though.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
    http://security-tracker.debian.net/tracker/CVE-2008-4770
[1] https://bugzilla.redhat.com/attachment.cgi?id=329323
[2] https://bugzilla.redhat.com/show_bug.cgi?id=480590