tags 514360 + patch thanks * Helge Kreutzmann <deb...@helgefjell.de> [2009-02-06 19:07]: > Please see > http://www.heise-online.co.uk/news/Vulnerabilities-in-UltraVNC-and-TightVNC--/112562 > for a description. 1.3.9 is affected, while 1.3.10 is fixed. I did not > verify the Debian version to be affected but believe so. > > According to the linked advisories this is > > Class: Integer overflow > Remotely Exploitable: Yes > Locally Exploitable: No > Bugtraq ID: 33568 > CVE Name: CVE-2009-0388 [...]
Upstream patch: http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 Please reference the CVE id in the changelog if you fix this. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp6jreG0487W.pgp
Description: PGP signature
