Bug#762745: marked as done ([CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver)

Fri, 28 Nov 2014 08:39:26 -0800 

Your message dated Fri, 28 Nov 2014 16:34:50 +0000
with message-id <e1xuovo-0007k4...@franck.debian.org>
and subject line Bug#762745: fixed in libvncserver 0.9.9+dfsg-6.1
has caused the Debian Bug report #762745,
regarding [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
762745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libvncserver
Severity: important
Tags: security

Hi there,
    the following vulnerabilities were published for libVNCserver:

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

http://seclists.org/oss-sec/2014/q3/639

Please adjust the affected versions in the BTS as needed and clone this bug if 
you are not going to fix all these problems together.

Regards, luciano

--- End Message ---
--- Begin Message --- 
Source: libvncserver
Source-Version: 0.9.9+dfsg-6.1

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Nov 2014 16:19:53 +0100
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config 
libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-6.1
Distribution: unstable
Urgency: medium
Maintainer: Luca Falavigna <dktrkr...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Description:
 libvncclient0 - API to write one's own vnc server - client library
 libvncclient0-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc   - VNC server to allow remote access to a tty
Closes: 762745
Changes:
 libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
     Multiple issues in libVNCserver -- cherry picking targeted fixed from
     upstream (Closes: #762745)
Checksums-Sha1:
 6546f3f98c88d0bdc851f5641d2bf8b6bd02b057 2406 libvncserver_0.9.9+dfsg-6.1.dsc
 dfabe375125fffd77a13c98e7d313a6437490925 21860 
libvncserver_0.9.9+dfsg-6.1.debian.tar.xz
 a9e8c19c6f542007f942e513f403f32e671eeb64 125226 
libvncclient0_0.9.9+dfsg-6.1_amd64.deb
 30e0f191ca5907e78c14a4c02bbe8452084cf602 192034 
libvncserver0_0.9.9+dfsg-6.1_amd64.deb
 b0b6ff06bd03ff520edf4a62e0824ebd268cf0dd 275632 
libvncserver-dev_0.9.9+dfsg-6.1_amd64.deb
 92a549c988835ab7855de08c81920e5dedbbb3aa 90512 
libvncserver-config_0.9.9+dfsg-6.1_amd64.deb
 efd4f67a6ebfd78d0ad8c8d2ce163d8808696d39 173156 
libvncclient0-dbg_0.9.9+dfsg-6.1_amd64.deb
 c0ccdfe9c81db6882e24ac18c84d42716e979eb7 382900 
libvncserver0-dbg_0.9.9+dfsg-6.1_amd64.deb
 adea0233aa3d38dec44d7d58c308ea19013c6498 86500 
linuxvnc_0.9.9+dfsg-6.1_amd64.deb
Checksums-Sha256:
 7a28bf115be27d84240ac7a6c4964cddc7d4b7ef7d73133436b732219c1f5664 2406 
libvncserver_0.9.9+dfsg-6.1.dsc
 502670cd2ae96d5cbafa0387e94529421152617aa59d20d726a57e24e771a18a 21860 
libvncserver_0.9.9+dfsg-6.1.debian.tar.xz
 1e2b4fb28dea737cf0aa583552a57ff02244b378f9529f706e7dd8c8cd1deb37 125226 
libvncclient0_0.9.9+dfsg-6.1_amd64.deb
 15359ef274f3be793e78691dfef20ef5e4dbbc089e9f99fc8c79e249c05e5a5a 192034 
libvncserver0_0.9.9+dfsg-6.1_amd64.deb
 2bd51d2a8cfb4c970c312edb779b373a003e768237c9dfeaba0f945342ba71c5 275632 
libvncserver-dev_0.9.9+dfsg-6.1_amd64.deb
 9da87b8a87437d0ee57a35e240425ecb1f4625abc04190bb3fd4f5bdb938668c 90512 
libvncserver-config_0.9.9+dfsg-6.1_amd64.deb
 f263a992583303c5923cb6fd3bb5c392ccda22831f40adb87f9c56dc1e2ea77f 173156 
libvncclient0-dbg_0.9.9+dfsg-6.1_amd64.deb
 17bdc1d11ae316b57257631f520286769416e3397f53b367ef0801965d436200 382900 
libvncserver0-dbg_0.9.9+dfsg-6.1_amd64.deb
 1a3c632899de38b39733313c252a17f4ea71f4f53a451b3e6b7c2455053f03ff 86500 
linuxvnc_0.9.9+dfsg-6.1_amd64.deb
Files:
 255d829efb55501d225cc1731e0c48d6 2406 libs optional 
libvncserver_0.9.9+dfsg-6.1.dsc
 c2458b74138d3b9692bb59b1f7c769ed 21860 libs optional 
libvncserver_0.9.9+dfsg-6.1.debian.tar.xz
 a1cc3624641b5432a9884eb6d1825e9c 125226 libs optional 
libvncclient0_0.9.9+dfsg-6.1_amd64.deb
 1052b76b045ae7e5c26ce0b99a6c7351 192034 libs optional 
libvncserver0_0.9.9+dfsg-6.1_amd64.deb
 d707b0a09ab7dc8e255bed42e4cf442c 275632 libdevel optional 
libvncserver-dev_0.9.9+dfsg-6.1_amd64.deb
 899ddb909fa86533822f18325b84000d 90512 libdevel optional 
libvncserver-config_0.9.9+dfsg-6.1_amd64.deb
 8aef5bde882fec80429c8c72ac94da01 173156 debug extra 
libvncclient0-dbg_0.9.9+dfsg-6.1_amd64.deb
 5f783c82b79257cb7dd0d702cd1b1e35 382900 debug extra 
libvncserver0-dbg_0.9.9+dfsg-6.1_amd64.deb
 4e6d20c50bf3607027f4f954f45fd3e0 86500 net optional 
linuxvnc_0.9.9+dfsg-6.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUcgTLAAoJEJFk+h0XvV02V/UP/2kXde1kJnmnqKPZO0/4bV+c
mkJJF17cNKLuPwZcuzmuzfUPAF1wKCulqO5LfNkD386octdoQo/dkuZTT2JWVczK
Z3+0KbSslhW89yzPPc+tXEhj1SVOlfvuVONeqOo3jSR7I9UpEAtSKckULp6amKy3
JqSsLEAPJEFVIIHEMAA1VgxwLO7+wuySXUN2b+jL759r8JyCHQ+h49tvTMTNDtfc
SHbOSTZ0Y/rH4JSVRM5YkR1dgXGtufwlWnlBpZoj6hGbMtJSNJLFs0EmShdGQ7s1
HAmdn5MUHdGGKYcaxys0YRjyYfGpfCF1gZt1ZWxfmgHF3M9CPLGqJgd5vxgJNmIY
aypMdDTVELH1RvONUOFcOlmHJoq28IgWjI7MqLyEA3lzSPQ/37FBbdhcnrq6+NuR
HZXnFj/xADEUeS5E3qKCelbHMbBouaBpcmWL097YLz1yZkWww45FCTPzlqLbGcUu
949VKBy0RwseMgZJ+pPg73dcZKtfsf4DYj2fsq7Ye390s9iGkGA6gjXkOnmEEn4b
hXBv1uD+Ahtj+1RxSkx54/NMKD6S1/DrgN6E4y7mMBKkuaxyVF5Oljr3z+TleiRh
Imwajbuqadclcf/MB4x16VT4ZmVy56BO5NcSPzBuQWtApVCWu83Siieg9tGxCbAR
ypAWCQnMnQr7EEJf26in
=7AIs
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to