tags 376824 - patch thanks On Wed, Jul 05, 2006 at 12:15:44PM +0200, Martin Pitt wrote: > Ludwig Nussel <[EMAIL PROTECTED]> discovered that libvncserver has > the same authentication bypass as realvnc (in CVE-2006-2369), although > it's completely different code. > > This has been fixed by upstream: > > > http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u
Unfortunately, this patch does not even remotely apply to the version in unstable; the version in unstable seems to be on revision 1.3 or earlier from CVS, while the patch is against 1.11 (and _lots_ of changes applied between then). I'm not even sure if the version in unstable is affected, but I haven't done anything to check; in any case, I'm unsetting the patch tag. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]