Bug#1019228: marked as done (libvncserver: CVE-2020-29260)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 20 Nov 2022 12:35:58 +0000
with message-id <E1owjYE-009EuW-Bk@fasolo.debian.org>
and subject line Bug#1019228: fixed in libvncserver 0.9.13+dfsg-5
has caused the Debian Bug report #1019228,
regarding libvncserver: CVE-2020-29260
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1019228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libvncserver: CVE-2020-29260
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Mon, 05 Sep 2022 22:42:43 +0200
• Message-id: <166241056376.410260.6122528510412225898.reportbug@eldamar.lan>

Source: libvncserver
Version: 0.9.13+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 0.9.13+dfsg-2

Hi,

The following vulnerability was published for libvncserver.

CVE-2020-29260[0]:
| libvncclient v0.9.13 was discovered to contain a memory leak via the
| function rfbClientCleanup().


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-29260
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260
[1] https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1019228-close@bugs.debian.org
• Subject: Bug#1019228: fixed in libvncserver 0.9.13+dfsg-5
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sun, 20 Nov 2022 12:35:58 +0000
• Message-id: <E1owjYE-009EuW-Bk@fasolo.debian.org>
• Reply-to: Mike Gabriel <sunweaver@debian.org>

Source: libvncserver
Source-Version: 0.9.13+dfsg-5
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1019228@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 20 Nov 2022 13:10:45 +0100
Source: libvncserver
Architecture: source
Version: 0.9.13+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1019228
Changes:
 libvncserver (0.9.13+dfsg-5) unstable; urgency=medium
 .
   [ Thosten Alteholz ]
   * debian/patches:
     + CVE-2020-29260: Add CVE-2020-29260.patch. Resolve memory leak in
       function rfbClientCleanup(). (Closes: #1019228).
 .
   [ Mike Gabriel ]
   * debian/watch:
     + Use tags-path on Github, not releases-path.
Checksums-Sha1:
 5f1e1eb460529e4b29dcc8578cdf3f731f6318f7 2326 libvncserver_0.9.13+dfsg-5.dsc
 4333273bcbebe3254cb4f605404a983f82c183b9 16892 libvncserver_0.9.13+dfsg-5.debian.tar.xz
 21a31453ec03690c166b8616a52a7353572377d3 7862 libvncserver_0.9.13+dfsg-5_source.buildinfo
Checksums-Sha256:
 ceff0e13f8ffafce233b2a8eb49cae3deb8714644adbceeb789a06ba2f0a142d 2326 libvncserver_0.9.13+dfsg-5.dsc
 59fd0c57c1119f99e7e754b19391ed9bf88316959f8df1b6b6de7b814021b813 16892 libvncserver_0.9.13+dfsg-5.debian.tar.xz
 b4eaec3d19a17bfcfd5900dc6de8454db6496f14fd01525e72517875bfc4b76c 7862 libvncserver_0.9.13+dfsg-5_source.buildinfo
Files:
 843d4feb85e5f9fdd733dbca24f02e1a 2326 libs optional libvncserver_0.9.13+dfsg-5.dsc
 15a2c38534ad2a622c676c01ac913c48 16892 libs optional libvncserver_0.9.13+dfsg-5.debian.tar.xz
 dc478f12b2a6012ba8265a8309be325f 7862 libs optional libvncserver_0.9.13+dfsg-5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmN6GhYVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxICAP/RwjrwOVJC9GaMlc2hx+z42J2drv
HWgSrrqXuw4V4O+H9iFZZPod6HpwtE0PZPZQa+GO9HHHiUO3dTQLJkvYeGaqKlKd
PSY4ZQK/59CirwblQWpUaQ/jg1PQoBaqmTT84tJDuj6To0LugTZKchS7XUYvhkSy
vfjc/7vmBAP1qYzYfs677i32PTyFq+274MxHhRmxFulW3l9hkO03GNWA9N4ErWn5
ZaqMfGz+HnaF9Q6EOXYaumkPbnVComER0D8diA3aBQ2gY6L1+Fb57xis5oSGktJQ
XLQHy+f3AQNpM1rqQ23iD3JRp6OSacxe3TID4p4GhRFtuNPE89rj08mrdcc/si03
7kZgopFit46E+mG0hI9/U/cl23OFhu4fk74JRj5qsTsp26A0BQjQjzUn+Dt/fWhz
VUkukhrtbhE3XRm3jWFt1nz9YxwqT3XcL1jOcNTLci6JYwgl1KziqMlIBv62O2XO
hK4TZa1Z/gVzO0p7HGoDemddq3CgbTsYT40VuAbA0OmDxTCjCU01raOkeFhM2TaL
W0W4RlAdsgPQi9LeY1C2+mxElzMdwFa7nqQjoEmKqYTfwt3sYt3WFLS+fhx6gqeL
9AC2EiQjA+QB4jFPFUuvxckP+1nKDqaXM5ylBPJcJGMb5o3+FXaJhF7j/7uC8ifE
ZYqA3rZQk+4wn5um
=KAS3
-----END PGP SIGNATURE-----

--- End Message ---