Hi Mike, Thanks for taking care of this and updating the package to the last release. This should fix the issue but I don't have the opportunity (as I'm not on buster yet) nor the time to test it.
Greets, Quentin Le mar. 3 déc. 2019 à 09:28, Mike Gabriel <mike.gabr...@das-netzwerkteam.de> a écrit : > Hi Quentin, > > thanks for reporting the below bug and fixing things upstream... > > On Thu, 09 Aug 2018 15:52:29 +0200 Quentin BUATHIER > <qbuath...@tetrane.com> wrote: > > Package: libvncserver1 > > Version: 0.9.11+dfsg-1+deb9u1 > > Severity: important > > Tags: patch > > > > In the upstream source of the project, there is an use-after-free > that can lead > > to an infinite wait of a non-existing thread during the shutdown of > the VNC > > server if some clients are still connected. > > > > This causing an issue in Virtualbox which uses this package when a > VNC client > > is connected and that we shutdown the VM (the VM will be stuck in a > buggy > > state). See https://www.virtualbox.org/ticket/17396 for the ticket in > > Virtualbox's bug tracker for more informations. > > > > There is actually a pull request on upstream fixing this issue > > (https://github.com/LibVNC/libvncserver/pull/238). There is also > another issue, > > a segmentation fault in the same use case when we are using a > multi-threaded > > VNC server (also fixed by the same pull request). > > > > Virtualbox need both fixes to work correctly without a segmentation > fault or a > > infinite wait and probably some others packages using libvncserver. > > > > The issue isn't present on Jessie with the version 0.9.9 of the package. > > As the new libvncserver Debian maintainer, I have prepared a test build > and upload candidate for Debian buster of libvncserver that fixes this > issue: > http://packages.sunweavers.net/debian/pool/main/libv/libvncserver/ > > You can also add "deb http://packages.sunweavers.net/debian buster main" > to your APT configuration and use apt for installing the upload > candidate. (Make sure you disable the repo again afterwards and that you > don't grab other packages from there by accident). > > Here is the archive key: > https://packages.sunweavers.net/archive.key > > If you don't have time for testing this, I'd appreciate a quick feedback > anyway. > > Greets + Thanks, > Mike >