Your message dated Thu, 29 Apr 2021 19:33:51 +0100 with message-id <f0a5098112e6f543168cb12a22c88dc623cdf2c9.ca...@kathenas.org> and subject line Re: Bug#987564: NMU: CVE-2020-25708 - Fix possible divide-by-zero. has caused the Debian Bug report #987564, regarding NMU: CVE-2020-25708 - Fix possible divide-by-zero. to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
987564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

Sorry, no bug associated here, was confused how to subject the mail. Guidance for the future would be appreciated.

I would like to do an NMU for CVE-2020-25708[1].

This seems to have been waiting a while and is fixed already in bullseye/sid and stretch. Because of this I feel it can just go into the next point release if approved.

This update has been done during and part of this weekend's bsp-2021-04-at-salzburg.

Note: I am not a DM or DD and this will require a sponsor to upload if approved.

[1] https://security-tracker.debian.org/tracker/CVE-2020-25708

Regards

Phil

--
*** Playing the game for the games own sake. ***
WWW: https://kathenas.org
Twitter: @kathenasorg
Instagram: @kathenasorg
IRC: kathenas
GPG: 724AA9B52F024C8B

diff -Nru libvncserver-0.9.11+dfsg/debian/changelog libvncserver-0.9.11+dfsg/debian/changelog --- libvncserver-0.9.11+dfsg/debian/changelog 2020-08-28 22:40:37.000000000 +0100 +++ libvncserver-0.9.11+dfsg/debian/changelog 2021-04-25 17:01:53.000000000 +0100 @@ -1,3 +1,10 @@ +libvncserver (0.9.11+dfsg-1.3+deb10u5) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-25708: libvncserver: fix possible divide-by-zero. + + -- Phil Wyett <philip.wy...@kathenas.org> Sun, 25 Apr 2021 17:01:53 +0100 + libvncserver (0.9.11+dfsg-1.3+deb10u4) buster; urgency=medium * CVE-2019-20839: libvncclient: bail out if unix socket name would overflow. diff -Nru libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch --- libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/CVE-2020-25708.patch 2021-04-25 17:01:53.000000000 +0100 
@@ -0,0 +1,14 @@ +Index: libvncserver-0.9.11+dfsg/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-0.9.11+dfsg.orig/libvncserver/rfbserver.c ++++ libvncserver-0.9.11+dfsg/libvncserver/rfbserver.c +@@ -3294,6 +3294,9 @@ rfbSendRectEncodingRaw(rfbClientPtr cl, + char *fbptr = (cl->scaledScreen->frameBuffer + (cl->scaledScreen->paddedWidthInBytes * y) + + (x * (cl->scaledScreen->bitsPerPixel / 8))); + ++ if(!h || !w) ++ return TRUE; /* nothing to send */ ++ + /* Flush the buffer to guarantee correct alignment for translateFn(). */ + if (cl->ublen > 0) { + if (!rfbSendUpdateBuf(cl)) diff -Nru libvncserver-0.9.11+dfsg/debian/patches/series libvncserver-0.9.11+dfsg/debian/patches/series --- libvncserver-0.9.11+dfsg/debian/patches/series 2020-08-28 22:40:19.000000000 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/series 2021-04-25 17:01:53.000000000 +0100 @@ -37,3 +37,4 @@ CVE-2020-14401.patch CVE-2020-14402+14403+14404.patch CVE-2020-14405.patch +CVE-2020-25708.patchsignature.asc
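Review bot: The new debian/patches/CVE-2020-25708.patch starts directly at its `Index:` line with no patch header, and the division that the added `if(!h || !w) return TRUE;` guard in rfbSendRectEncodingRaw() protects is not in the visible context, so a reader cannot tell from the patch what is being fixed or where it came from. Please add a header (Description, Origin pointing at the upstream commit) that names the division being guarded. The guard only covers zero, and the hunk does not show the types of `w` and `h`, so it is worth confirming that negative values cannot reach this point. Style nit: the surrounding context writes `if (cl->ublen > 0)` with a space after `if`, so `if (!h || !w)` would match it.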
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
> Control: tags -1 - moreinfo

On Sun, 2021-04-25 at 19:32 +0100, Philip Wyett wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2021-04-25 at 18:34 +0100, Philip Wyett wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian....@packages.debian.org
> > Usertags: pu
> >
> > Hi,
> >
> > Sorry, no bug associated here, was confused how to subject the mail. Guidance for the future would be appreciated.
> >
> > I would like to do an NMU for CVE-2020-25708[1].
> >
> > This seems to have been waiting a while and is fixed already in bullseye/sid and stretch. Because of this I feel it can just go into the next point release if approved.
> >
> > This update has been done during and part of this weekend's bsp-2021-04-at-salzburg.
> >
> > Note: I am not a DM or DD and this will require a sponsor to upload if approved.
> >
> > [1] https://security-tracker.debian.org/tracker/CVE-2020-25708
> >
> > Regards
> >
> > Phil
> >
>
> Hi,
>
> I have been asked to contact maintainer regarding this and a number of other bugs. Marking 'moreinfo' until I have spoken with the maintainer.
>
> Regards
>
> Phil
>

Hi,

Package maintainer has submitted/uploaded this fix, so closing this bug.

Regards

Phil

--
*** Playing the game for the games own sake. ***
WWW: https://kathenas.org
Twitter: @kathenasorg
Instagram: @kathenasorg
IRC: kathenas
GPG: 724AA9B52F024C8B

signature.asc
Description: This is a digitally signed message part
--- End Message ---