Your message dated Wed, 13 May 2009 21:57:42 +0200
with message-id <20090513195742.ga27...@inguza.net>
and subject line Re: Bug#528204: xtightvncviewer: Viewer vulnerable to attack
by malicious/compromised VNC server
has caused the Debian Bug report #528204,
regarding xtightvncviewer: Viewer vulnerable to attack by malicious/compromised
VNC server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
528204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xtightvncviewer
Version: 1.3.9-4
Severity: grave
Tags: security
Justification: user security hole
As far as I can tell, The Debian pagkages for xtightvncviewer
(also included unchanged in ubuntu) are still vulnerable to
known problem fixed upstream.
Advisory here:-
http://secunia.com/advisories/33807/
Fixed upstream as per:-
http://vnc-tight.sourceforge.net/release-1.3.10.html
Please correct me if I've missed anything!
With thanks,
--Simon
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF8, LC_CTYPE=en_GB.UTF8 (charmap=locale: Cannot set
LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Hi
Yes this bug only affects the windows version. It is even so that
the described function (in the advisory) do not even exist in the
unix/linux version.
So I'm closing this bug now. Thanks for reporting though.
Better to report one time too much than not to report. :-)
Best regards,
// Ola
On Mon, May 11, 2009 at 06:28:44PM +0200, Nico Golde wrote:
> Hi,
> * Simon Iremonger <deb...@iremonger.me.uk> [2009-05-11 13:52]:
> [...]
> > As far as I can tell, The Debian pagkages for xtightvncviewer
> > (also included unchanged in ubuntu) are still vulnerable to
> > known problem fixed upstream.
> >
> > Advisory here:-
> > http://secunia.com/advisories/33807/
> >
> > Fixed upstream as per:-
> > http://vnc-tight.sourceforge.net/release-1.3.10.html
> >
> > Please correct me if I've missed anything!
> > With thanks,
>
> How did you verify this? From what I know this issue only
> affects the windows version.
>
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
--
--------------------- Ola Lundqvist ---------------------------
/ o...@debian.org Annebergsslingan 37 \
| o...@inguza.com 654 65 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- End Message ---
