Re: Revert "CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot"

To: Sylvain Beucler <beuc@beuc.net>
Cc: Debian LTS <debian-lts@lists.debian.org>, team@security.debian.org
Subject: Re: Revert "CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot"
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 18 Mar 2020 19:27:10 +0100
Message-id: <[🔎] 20200318182710.jbmxjlzrbxtv3xfg@inutil.org>
In-reply-to: <[🔎] 3a4437b8-07eb-0d05-13e9-67c095db459d@beuc.net>
References: <[🔎] 3a4437b8-07eb-0d05-13e9-67c095db459d@beuc.net>

[debian-security@ is totally unrelated here, if you want to reach the
Security team the correct address is team@security.debian.org]

On Wed, Mar 18, 2020 at 06:14:36PM +0100, Sylvain Beucler wrote:
> I excluded 3 out of 8 packages. I only added packages that actually
> contain the impacted code (VNC client connection, using original RealVNC
> codebase).

"Contains the impacted code" is not the relevant criterion here, it's
"contains the impacted code and the respective library function can be
triggered in a security-relevant scenario/trust boundaries are crossed".

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot ?
  - From: Sylvain Beucler <beuc@beuc.net>

References:
- Re: Revert "CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot"
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Re: Revert "CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot"
Next by Date: Re: Triage for freeradius/CVE-2019-20510
Previous by thread: Re: Revert "CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot"
Next by thread: Re: CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot ?
Index(es):
- Date
- Thread