Bug#849479: marked as done (tigervnc: CVE-2014-8240: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling)

Wed, 28 Dec 2016 14:09:29 -0800 

Your message dated Wed, 28 Dec 2016 23:05:35 +0100
with message-id 
<CABY6=0nyane89j4cogo6j3fkkobptyo1bbrz65y-8uj5-lj...@mail.gmail.com>
and subject line Was corrected in first version uploaded
has caused the Debian Bug report #849479,
regarding tigervnc: CVE-2014-8240: integer overflow flaw, leading to a 
heap-based buffer overflow in screen size handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849479: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849479
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: tigervnc
Version: 1.6.0+dfsg-4
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi,

the following vulnerability was published for tigervnc.

CVE-2014-8240[0]:
| Integer overflow in TigerVNC allows remote VNC servers to cause a
| denial of service (crash) and possibly execute arbitrary code via
| vectors related to screen size handling, which triggers a heap-based
| buffer overflow, a similar issue to CVE-2014-6051.

More details are in the Red Hat bug[1] which includes a patch[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8240
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8240
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1151307
[2] https://bugzilla.redhat.com/attachment.cgi?id=947578

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Version: 1.6.0+dfsg-2

Hi

This problem was corrected already in the version that was first
uploaded to sid.

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

--- End Message ---

Reply via email to