
Bug#954163: marked as done (libvncserver: CVE-2019-15690)



Your message dated Thu, 09 Apr 2020 16:47:15 +0000
with message-id <E1jMaKh-0007FU-GD@fasolo.debian.org>
and subject line Bug#954163: fixed in libvncserver 0.9.11+dfsg-1.3+deb10u3
has caused the Debian Bug report #954163,
regarding libvncserver: CVE-2019-15690
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
954163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.12+dfsg-8
Severity: important
Tags: security upstream
Forwarded: https://github.com/LibVNC/libvncserver/issues/381

Hi,

The following vulnerability was published for libvncserver.

CVE-2019-15690[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-15690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690
[1] https://www.openwall.com/lists/oss-security/2019/12/20/2
[2] https://github.com/LibVNC/libvncserver/issues/381
[3] https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.3+deb10u3
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954163@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Mar 2020 07:05:57 +0200
Source: libvncserver
Binary: libvncclient1 libvncclient1-dbg libvncserver-config libvncserver-dev libvncserver1 libvncserver1-dbg
Architecture: source amd64
Version: 0.9.11+dfsg-1.3+deb10u3
Distribution: buster
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libvncclient1 - API to write one's own VNC server - client library
 libvncclient1-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own VNC server - library utility
 libvncserver-dev - API to write one's own VNC server - development files
 libvncserver1 - API to write one's own VNC server
 libvncserver1-dbg - debugging symbols for libvncserver
Closes: 954163
Changes:
 libvncserver (0.9.11+dfsg-1.3+deb10u3) buster; urgency=medium
 .
   [ Antoni Villalonga ]
   * debian/patches:
     + Add CVE-2019-15690 patch. libvncclient/cursor: limit
       width/height input values. Avoids a possible heap overflow reported
       by Pavel Cheremushkin. (Closes: #954163).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
