
Bug#954163: marked as done (libvncserver: CVE-2019-15690)



Your message dated Thu, 09 Apr 2020 16:47:36 +0000
with message-id <E1jMaL2-0007MP-11@fasolo.debian.org>
and subject line Bug#954163: fixed in libvncserver 0.9.11+dfsg-1.3~deb9u4
has caused the Debian Bug report #954163,
regarding libvncserver: CVE-2019-15690
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
954163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.12+dfsg-8
Severity: important
Tags: security upstream
Forwarded: https://github.com/LibVNC/libvncserver/issues/381

Hi,

The following vulnerability was published for libvncserver.

CVE-2019-15690[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-15690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690
[1] https://www.openwall.com/lists/oss-security/2019/12/20/2
[2] https://github.com/LibVNC/libvncserver/issues/381
[3] https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.3~deb9u4
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954163@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Mar 2020 07:56:01 +0200
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config libvncclient1-dbg libvncserver1-dbg
Architecture: source amd64
Version: 0.9.11+dfsg-1.3~deb9u4
Distribution: stretch
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncclient1-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own VNC server - library utility
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
 libvncserver1-dbg - debugging symbols for libvncserver
Closes: 954163
Changes:
 libvncserver (0.9.11+dfsg-1.3~deb9u4) stretch; urgency=medium
 .
   [ Antoni Villalonga ]
   * debian/patches:
     + Add CVE-2019-15690 patch. libvncclient/cursor: limit
       width/height input values. Avoids a possible heap overflow reported
       by Pavel Cheremushkin. (Closes: #954163).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
