Bug#916941: libvncserver: Multiple security vulnarabilities

2019-01-02 Thread Salvatore Bonaccorso
Control: tags -1 + patch Attached is proposed debdiff for the update, but though not yet uploaded. The fix for CVE-2018-15126 unfortunately introduced two new symbols while dropping CloseUndoneFileTransfer, but afaics from sources.d.n search nobody is using it directly. Regards, Salvatore diff

Processed: Re: Bug#916941: libvncserver: Multiple security vulnarabilities

2019-01-02 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + patch Bug #916941 [libvncserver] libvncserver: Multiple security vulnerabilities Added tag(s) patch. -- 916941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#916941: libvncserver: Multiple security vulnarabilities

2019-01-02 Thread Salvatore Bonaccorso
Hi I have been working on an update for libvncserver for unstable (buster) as NMU. I will post a proposed debdiff when I'm relatively confident on the result. Regards, Salvatore

Bug#916941: libvncserver: Multiple security vulnarabilities

2018-12-20 Thread Salvatore Bonaccorso
Hi There is one more issue assigned now: CVE-2018-6307: https://security-tracker.debian.org/tracker/CVE-2018-6307 https://github.com/LibVNC/libvncserver/issues/241 https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b https://ics-cert.kaspersky.com/advisories/klc

Bug#916941: libvncserver: Multiple security vulnarabilities

2018-12-20 Thread Markus Koschany
Package: libvncserver X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for libvncserver. CVE-2018-15126[0]: | LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains | heap use-after-free vulnerability in server