Your message dated Mon, 08 Dec 2014 15:32:27 +0000
with message-id <e1xy0iv-000682...@franck.debian.org>
and subject line Bug#762745: fixed in libvncserver 0.9.9+dfsg-1+deb7u1
has caused the Debian Bug report #762745,
regarding [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
762745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libvncserver
Severity: important
Tags: security
Hi there,

the following vulnerabilities were published for libVNCserver:

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
http://seclists.org/oss-sec/2014/q3/639

Please adjust the affected versions in the BTS as needed and clone this bug if
you are not going to fix all these problems together.

Regards, luciano
--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.9+dfsg-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 762...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated libvncserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 28 Nov 2014 21:34:11 +0000
Source: libvncserver
Binary: libvncserver0 libvncserver-dev libvncserver-config libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Luca Falavigna <dktrkr...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Description:
libvncserver-config - API to write one's own vnc server - library utility
libvncserver-dev - API to write one's own vnc server - development files
libvncserver0 - API to write one's own vnc server
libvncserver0-dbg - debugging symbols for libvncserver
linuxvnc - VNC server to allow remote access to a tty
Closes: 762745
Changes:
libvncserver (0.9.9+dfsg-1+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload for the Security Team.
* CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
Multiple issues in libVNCserver -- cherry picking targeted fixes from
upstream. (Closes: #762745)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---