Your message dated Thu, 29 Dec 2016 22:49:33 +0000 with message-id <e1cmjvt-000ezs...@fasolo.debian.org> and subject line Bug#849478: fixed in tigervnc 1.7.0-2 has caused the Debian Bug report #849478, regarding tigervnc: CVE-2014-8241: NULL pointer dereference flaw in XRegion to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849478 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: tigervnc Version: 1.6.0+dfsg-4 Severity: grave Tags: security upstream patch Justification: user security hole Hi, the following vulnerability was published for tigervnc. CVE-2014-8241[0]: | XRegion in TigerVNC allows remote VNC servers to cause a denial of | service (NULL pointer dereference) by leveraging failure to check a | malloc return value, a similar issue to CVE-2014-6052. The Red Hat bug[1] contains details and a patch[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8241 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1151312 [2] https://bugzilla.redhat.com/attachment.cgi?id=946490 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: tigervnc Source-Version: 1.7.0-2 We believe that the bug you reported is fixed in the latest version of tigervnc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ola Lundqvist <o...@debian.org> (supplier of updated tigervnc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 29 Dec 2016 22:04:35 +0000 Source: tigervnc Binary: tigervnc-common tigervnc-scraping-server tigervnc-standalone-server tigervnc-xorg-extension tigervnc-viewer Architecture: source amd64 Version: 1.7.0-2 Distribution: unstable Urgency: high Maintainer: TigerVNC Packaging Team <pkg-tigervnc-de...@lists.alioth.debian.org> Changed-By: Ola Lundqvist <o...@debian.org> Description: tigervnc-common - Virtual network computing; Common software needed by servers tigervnc-scraping-server - VNC server uses screen scraping of an already running X server tigervnc-standalone-server - Standalone VNC server tigervnc-viewer - Virtual network computing client software for X tigervnc-xorg-extension - X server vnc extension Closes: 849478 Changes: tigervnc (1.7.0-2) unstable; urgency=high . * Most of CVE-2014-8241 was already corrected but this update correct one missing part of that CVE. Closes: #849478. * Added a versioned dependency on xorg source. Checksums-Sha1: 9329003fa69f29cf8d768b2d3cda829765ef87f0 4419 tigervnc_1.7.0-2.dsc cf0a3da725a360e36c99f7571324b3f62f9bcbe2 42192 tigervnc_1.7.0-2.debian.tar.xz 01cce1cef1df77271b8e4dad2b7b4b65e1d034ff 235760 tigervnc-common-dbgsym_1.7.0-2_amd64.deb f36b40774c27c52d38d8d0656fe7ed0f03a192f2 63798 tigervnc-common_1.7.0-2_amd64.deb bbdadf267932e6541414a45d155bdb55d36722e0 1152198 tigervnc-scraping-server-dbgsym_1.7.0-2_amd64.deb 5e323bdd0d0987647328bc3a3eda1bf4eee0d905 185828 tigervnc-scraping-server_1.7.0-2_amd64.deb 5e5dfc15426ef7a8495c525eadc93efa68fbd60b 5833228 tigervnc-standalone-server-dbgsym_1.7.0-2_amd64.deb f360a36f5388de96588fdbdac74cfb12e89b8e6d 982028 tigervnc-standalone-server_1.7.0-2_amd64.deb 0036b3284ccf5f9568379f184f4f57d9a7a099a3 1008534 tigervnc-viewer-dbgsym_1.7.0-2_amd64.deb 831dac815c48bb0ac981743b5134d32600c31a28 164830 tigervnc-viewer_1.7.0-2_amd64.deb ef42bff26f4b9c779bf2a0422d26778e13f5aed6 1309484 tigervnc-xorg-extension-dbgsym_1.7.0-2_amd64.deb 2e804cacb3706a116443d340033fa7aca271385a 194568 tigervnc-xorg-extension_1.7.0-2_amd64.deb 70b4f7d4a01614a8849bbf604693234f78af0a5e 13986 tigervnc_1.7.0-2_amd64.buildinfo Checksums-Sha256: a05e78379d867795fe3ce4707b08bc78b240d0dea8d7bc47bb608b5722cffd27 4419 tigervnc_1.7.0-2.dsc 2c34ca0e642575b959111c7af59ae070eff07f7b77a14c03450ca3a45c864406 42192 tigervnc_1.7.0-2.debian.tar.xz 17714ddeb435a0e1bdc14bf56c4e4cfdd2eea611a56ed094cea97f062f97d6a4 235760 tigervnc-common-dbgsym_1.7.0-2_amd64.deb af6fa70625d0e524e246162923f8b24da2c08ee5bb599fced476eb04ec9e5c4c 63798 tigervnc-common_1.7.0-2_amd64.deb b0bb05c224f438898bce611ee660fd7bc4cc0faad4536382546cf895927c84f3 1152198 tigervnc-scraping-server-dbgsym_1.7.0-2_amd64.deb 498878b68ebd53c1dd5d2765b0ce6f4944f2ab16783cc17db1924e4e37998054 185828 tigervnc-scraping-server_1.7.0-2_amd64.deb bf010090c3e939e3ec5b1a878aa5e74a691189c0533be922be462d3463800121 5833228 tigervnc-standalone-server-dbgsym_1.7.0-2_amd64.deb e1082133427bcd1c9fa9e1e7e3b255171088ca0ad4f7e40e8492bfaef5bee910 982028 tigervnc-standalone-server_1.7.0-2_amd64.deb 106c05fcff5c432d0761002a74db737c1736102ab4c946c67ebda9bec336ff2a 1008534 tigervnc-viewer-dbgsym_1.7.0-2_amd64.deb f0e50b65a24cd5ed239c9bb61fa9d2b0d5efbbb81e31280acb47e8c20b5bf78e 164830 tigervnc-viewer_1.7.0-2_amd64.deb af24acf97258122ff4df1056168e5866f77370513462f9a347d8e4c426ea22c8 1309484 tigervnc-xorg-extension-dbgsym_1.7.0-2_amd64.deb 9451eca8360e1289ddb632ee03e2b4584a8bba45383bef6afce52fcb1822b09a 194568 tigervnc-xorg-extension_1.7.0-2_amd64.deb ce73e349c84a30c3119fa43e9e9a38c724eef934bbd54c5ea7d21a3026f6e292 13986 tigervnc_1.7.0-2_amd64.buildinfo Files: 755efb901aec4117e7a4ff40802c6ca3 4419 x11 optional tigervnc_1.7.0-2.dsc b8c59aa51ef678fa9e24e08fe2bef75f 42192 x11 optional tigervnc_1.7.0-2.debian.tar.xz 3be6e0902bf784f59b4e79d796f6d029 235760 debug extra tigervnc-common-dbgsym_1.7.0-2_amd64.deb b3a72ba659a3d13872066ef3e8d885a5 63798 x11 optional tigervnc-common_1.7.0-2_amd64.deb beea44947a4e3960265a20e4bf6fb564 1152198 debug extra tigervnc-scraping-server-dbgsym_1.7.0-2_amd64.deb 3b457513366684be501483a7e8ccad66 185828 x11 optional tigervnc-scraping-server_1.7.0-2_amd64.deb 3311d254564310da0aefcae9cb75ed71 5833228 debug extra tigervnc-standalone-server-dbgsym_1.7.0-2_amd64.deb 67e6a10bdbd886c4ff96891f34714202 982028 x11 optional tigervnc-standalone-server_1.7.0-2_amd64.deb cc0abf269420dbc74149732b3d4256d2 1008534 debug extra tigervnc-viewer-dbgsym_1.7.0-2_amd64.deb 46775c55059202e957ac6948ce1a2d61 164830 x11 optional tigervnc-viewer_1.7.0-2_amd64.deb 37212c230ce56e126c54beb40840c33d 1309484 debug extra tigervnc-xorg-extension-dbgsym_1.7.0-2_amd64.deb 125c161e7d58264b48a6865364003dc1 194568 x11 optional tigervnc-xorg-extension_1.7.0-2_amd64.deb 7dc1449dab339bbb64289dd168e52bb2 13986 x11 optional tigervnc_1.7.0-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEIvIyxrHg9L8rJgpqXpDc+pQmh28FAlhljcAACgkQXpDc+pQm h29EBw//TYarOf5ZivxL1NYFZYUO5gUT1T0Ae4AUatbJMntcp2YwyvJaNXSTYf2u ZqT2Pg+MSPFPn2FdhaOrYOmYqxpwLpqLS1bsgSIhElm6TbV/l7aGIhcdOv86734G KsYFi+TQqJ4H0ZilMqzGRsrPTpjlcwixzcXSkSA0jHOXHOsh/0dcYk2BuEUClEQu KtLQYlzX1actkdVAYxfKH/BSspmYndRUE4+cbD475dk9+SC56/0C3/WqtoEhQeC/ k8IL/souHcuuxAzTP1e7PiRBcfjnBp+j6JJ39HfqCuW0UkuZZ6yHYnXy+HbXrJAx r/PfZkuzu6NTJ1aaVksNYlmrTIM1Mzfx0z6WJvW3szDfGvxeb9P/nrMR8Gzi3wGF Txaq0QDzDQLpv5Wb5vpiBIhwB3VN8eUJ4UpeAbjwbL72jVs5LL3Jz8V++o76fMsT /VgIGy0SWgdWUhRKJ5XPqMEaKfT84KIjbDFVVMvs97IxbHJpDm5dQ0WHUJGem0f+ YXhYB9U2Qa4TkGpaZsu4S9YR+EPA1K6YDIUKf1pQFcxDfUFwDZ7hqlsY/61qVQXy gviXiKF4OJMUtQshWQQ5NaGrFtkednao4bE5KBHgFQTs4XDkHz7OFg3kbaW2F/d6 ezL0gbmF/OH7Gi688bbMw7OeD97hLionn8V/ozzeoH0swvzwza4= =bCZ1 -----END PGP SIGNATURE-----
--- End Message ---
