Package: libvncserver Version: 0.7.1-5 Severity: grave Tags: security patch
Ludwig Nussel <[EMAIL PROTECTED]> discovered that libvncserver has the same authentication bypass as realvnc (in CVE-2006-2369), although it's completely different code. This has been fixed by upstream: http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u Please see the original realvnc CVE for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369 For libvncserver, this has been assigned CVE-2006-2450. Please mention this number in the changelog when you fix this. Please also coordinate with [EMAIL PROTECTED] for a stable-security update. Thank you! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature