Your message dated Sat, 09 Jun 2018 15:06:32 +0000
with message-id <e1frfro-0006zv...@fasolo.debian.org>
and subject line Bug#894045: fixed in libvncserver 0.9.11+dfsg-1.1
has caused the Debian Bug report #894045,
regarding libvncserver: CVE-2018-7225
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
894045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.11+dfsg-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/LibVNC/libvncserver/issues/218

Hi,

the following vulnerability was published for libvncserver.

CVE-2018-7225[0]:
| An issue was discovered in LibVNCServer through 0.9.11.
| rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
| msg.cct.length, leading to access to uninitialized and potentially
| sensitive data or possibly unspecified other impact (e.g., an integer
| overflow) via specially crafted VNC packets.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7225
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225
[1] https://github.com/LibVNC/libvncserver/issues/218

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jun 2018 14:43:47 +0200
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config libvncclient1-dbg libvncserver1-dbg
Architecture: source
Version: 0.9.11+dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Peter Spiess-Knafl <d...@spiessknafl.at>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncclient1-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own VNC server - library utility
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
 libvncserver1-dbg - debugging symbols for libvncserver
Closes: 894045
Changes:
 libvncserver (0.9.11+dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
     accessed by remote attackers because the msg.cct.length in rfbserver.c was
     not sanitized. (Closes: #894045)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
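
The check the CVE text says was missing, bounding the client-supplied cut-text length before it is used, shown as an added example; it is not part of the original messages and is not libvncserver's own code or patch. The function name, the status codes, the 1 MiB cap and the in-memory buffer interface are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the page does not state a limit. */
#define MAX_CUT_TEXT (1u << 20)
#define CCT_HEADER_LEN 8u   /* type(1) + padding(3) + length(4, big-endian) */
#define CCT_TYPE 6u         /* RFB ClientCutText message type */

enum cct_status { CCT_OK = 0, CCT_MALFORMED = -1, CCT_TOO_LONG = -2, CCT_NOMEM = -3 };

/* Hypothetical helper: parse one ClientCutText message from an in-memory buffer.
 * On CCT_OK, *text is a NUL-terminated heap copy the caller must free. */
int parse_client_cut_text(const uint8_t *buf, size_t avail, char **text, uint32_t *len)
{
    *text = NULL;
    *len = 0;
    if (avail < CCT_HEADER_LEN || buf[0] != CCT_TYPE)
        return CCT_MALFORMED;
    /* The length is client-controlled: decode it as unsigned and bound it first. */
    uint32_t n = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                 ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    if (n > MAX_CUT_TEXT)
        return CCT_TOO_LONG;            /* rejected before any allocation */
    if (avail - CCT_HEADER_LEN < n)
        return CCT_MALFORMED;           /* claims more bytes than were received */
    char *copy = calloc((size_t)n + 1, 1);  /* zero-filled, so no stale heap data */
    if (copy == NULL)
        return CCT_NOMEM;
    memcpy(copy, buf + CCT_HEADER_LEN, n);
    *text = copy;
    *len = n;
    return CCT_OK;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t good[] = {6, 0, 0, 0, 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t huge[] = {6, 0, 0, 0, 0xff, 0xff, 0xff, 0xff};
    char *text;
    uint32_t len;
    printf("good: %d\n", parse_client_cut_text(good, sizeof good, &text, &len));
    free(text);
    printf("huge: %d\n", parse_client_cut_text(huge, sizeof huge, &text, &len));
    return 0;
}
```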
