Your message dated Mon, 15 Jun 2026 20:51:15 +0000
with message-id <[email protected]>
and subject line Bug#1138253: fixed in libvncserver 0.9.15+dfsg-6
has caused the Debian Bug report #1138253,
regarding libvncserver: Attacker-controlled heap out-of-bounds write in
libvncclient Tight decoder
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.15+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
GHSA-v9pm-47h4-jcq8 (no CVE yet) describes:
Attacker-controlled heap out-of-bounds write in libvncclient Tight
decoder:
| A malicious (or man-in-the-middle) VNC server can force a connecting
| libvncclient to write attacker-controlled data past the end of its
| framebuffer. This is an out-of-bounds heap write with attacker-
| controlled length, contents, and offset. It needs no authentication
| (the attacker is the server), works in a default build with default
| settings, and fires from a single FramebufferUpdate the moment the
| victim connects. It crashes any client unconditionally (denial of
| service); we also demonstrated it overwriting an application callback
| pointer and redirecting execution to attacker-chosen code (code
| execution) under the default configuration.
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-v9pm-47h4-jcq8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.15+dfsg-6
Done: Sven Geuer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated libvncserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Jun 2026 22:15:05 +0200
Source: libvncserver
Architecture: source
Version: 0.9.15+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1138253
Changes:
 libvncserver (0.9.15+dfsg-6) unstable; urgency=medium
 .
   [ Sven Geuer ]
   * debian/patches:
     + 0004_CVE-2026-50538: Add patch fixing attacker-controlled heap
       out-of-bounds write (Closes: #1138253).
   * d/control:
     + Add myself to Uploaders.
     + Drop Priority and Rules-Requires-Root fields.
     + Bump Standards-Version to 4.7.4.
   * d/copyright: Update packaging copyright holders.
   * d/watch: Update watch file to version 5 format.
 .
   [ Debian Janitor ]
   * Use secure URI in Homepage field.
   * Set field Upstream-Contact in debian/copyright.
   * Set upstream metadata fields: Repository.
   * Remove obsolete fields Contact, Name from debian/upstream/metadata
     (already present in machine-readable debian/copyright).
   * Remove unnecessary get-orig-source-target.
   * Remove constraints unnecessary since buster.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---