Your message dated Thu, 29 Dec 2016 20:15:14 +0100
with message-id
<CABY6=0=kpxsk78j9sohrxpuaox_hxjro2c3ly5lsg2wvz6h...@mail.gmail.com>
and subject line Re: [Pkg-tigervnc-devel] Bug#849478: tigervnc: CVE-2014-8241:
NULL pointer dereference flaw in XRegion
has caused the Debian Bug report #849478,
regarding tigervnc: CVE-2014-8241: NULL pointer dereference flaw in XRegion
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
849478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tigervnc
Version: 1.6.0+dfsg-4
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi,
the following vulnerability was published for tigervnc.
CVE-2014-8241[0]:
| XRegion in TigerVNC allows remote VNC servers to cause a denial of
| service (NULL pointer dereference) by leveraging failure to check a
| malloc return value, a similar issue to CVE-2014-6052.
The Red Hat bug[1] contains details and a patch[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1151312
[2] https://bugzilla.redhat.com/attachment.cgi?id=946490
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 1.6.0+dfsg-2
Hi Salvatore
I have looked into this bug however and this one is indeed solved.
Unless I'm looking with very grumble eyes (I probably do as I should
be in bed).
// Ola
On 27 December 2016 at 17:04, Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: tigervnc
> Version: 1.6.0+dfsg-4
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for tigervnc.
>
> CVE-2014-8241[0]:
> | XRegion in TigerVNC allows remote VNC servers to cause a denial of
> | service (NULL pointer dereference) by leveraging failure to check a
> | malloc return value, a similar issue to CVE-2014-6052.
>
> The Red Hat bug[1] contains details and a patch[2].
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-8241
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1151312
> [2] https://bugzilla.redhat.com/attachment.cgi?id=946490
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-tigervnc-devel mailing list
> pkg-tigervnc-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-tigervnc-devel
--
--------------------- Ola Lundqvist ---------------------------
/ o...@debian.org Folkebogatan 26 \
| o...@inguza.com 654 68 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- End Message ---
