[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#954163: marked as done (libvncserver: CVE-2019-15690)

Your message dated Tue, 31 Mar 2020 07:18:57 +0000
with message-id <E1jJBAn-000IY3-GO@fasolo.debian.org>
and subject line Bug#954163: fixed in libvncserver 0.9.12+dfsg-9
has caused the Debian Bug report #954163,
regarding libvncserver: CVE-2019-15690
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
954163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: libvncserver
Version: 0.9.12+dfsg-8
Severity: important
Tags: security upstream
Forwarded: https://github.com/LibVNC/libvncserver/issues/381

Hi,

The following vulnerability was published for libvncserver.

CVE-2019-15690[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-15690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690
[1] https://www.openwall.com/lists/oss-security/2019/12/20/2
[2] https://github.com/LibVNC/libvncserver/issues/381
[3] https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libvncserver
Source-Version: 0.9.12+dfsg-9
Done: Antoni Villalonga <antoni@friki.cat>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954163@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antoni Villalonga <antoni@friki.cat> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Mar 2020 12:51:24 +0100
Source: libvncserver
Architecture: source
Version: 0.9.12+dfsg-9
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Antoni Villalonga <antoni@friki.cat>
Closes: 954163
Changes:
 libvncserver (0.9.12+dfsg-9) unstable; urgency=medium
 .
   * Bump Standards-Version: to 4.5.0. No changes needed.
   * debian/patches:
     + Add CVE-2019-15690/0001-heap-buffer-overflow.patch. (Closes: #954163).
Checksums-Sha1:
 204054e98c040cdf704c582129aa80c99ee070a1 2297 libvncserver_0.9.12+dfsg-9.dsc
 513e5644ec82b9970016735ddb49d8428f53d3c6 17888 libvncserver_0.9.12+dfsg-9.debian.tar.xz
 587e258ae75bdbe2f0a06da3c609fdd267e3ab81 8384 libvncserver_0.9.12+dfsg-9_amd64.buildinfo
Checksums-Sha256:
 033a7299b6d31440061458c86c697566bce9fb3e764247c1cbe0918a04c6e495 2297 libvncserver_0.9.12+dfsg-9.dsc
 18fef933a0384bed2aaeae174fd1112bcfbbdd9941d1ecd72bc8d5ce7738a1dd 17888 libvncserver_0.9.12+dfsg-9.debian.tar.xz
 628ad97821139bff4be19fd4f03b87a76a14723f04cd85e119a6fb02782cbf45 8384 libvncserver_0.9.12+dfsg-9_amd64.buildinfo
Files:
 6d938782e9010cfe98c2fcc41ce3fa23 2297 libs optional libvncserver_0.9.12+dfsg-9.dsc
 bd5c50f69c96fa73a29003a6c535d6be 17888 libs optional libvncserver_0.9.12+dfsg-9.debian.tar.xz
 7b8f0e4118a62f68edacc11735b353ac 8384 libs optional libvncserver_0.9.12+dfsg-9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl6C7EEACgkQgj6WdgbD
S5a+oxAApP9Krak4f+Nj57T1Np8KjyxJyDM1plTmsCrNrUagt4JN0Mc2sm5OoIv5
uL8sLhlPiq5qHf96zSqkwOSoxSQ7IdnrMMft0NLf8Ad5atSORAZ278saNvS6RBA5
5udZAq1raqA6Duadb+E8+WxJ95gVHrq+bG+/KV6gSiAnmoD3x/8/Lp4HkZ+HJbak
3TGi8oyHFgKZI4K5JB8xiKlTzEwnYBTHKvBK7l0vsdUzZ3DxbmK7e4/Np66clr3M
QeHvAQZNjKB6D4xFjQGrg2uG4SydwBeGJ117CP6fZ7OrqsCw72CSyR3ukWhKSTQ2
3DKMfkiukm5BOXETvqc7XVdn7kDjNfyF18z8+iwzSM/JN5qywPM9ZqLWnZfD0BzK
uvkRaOy84YShj+46ttm6lq9V0Dg4kSG8K46yjpiSzxF2ulfsi2dxKVFRMg0i6n5g
brZzu5RuVCdRW2LMX6wp9VlzWgcjmREkJIoursf3Vfse0mBzjK9BgETnHWFfPu2c
w9JKUWtu1hLXR6QOom+VwX2C4r1ahPaBlg3fTjALqIZagFzxy3YicvH3lP/pGlWO
ddZoZMz8xbhM7+XXVJysCKJki7PuGro87oJOQ1C39kVWXo2yz0wxXRxiMaCqMUno
EzCczPXsq9HKQisqOQCaaFnr06cogHb+fzQ9uCjCjF9rUXASsdI=
=ILfn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: