Bug#762745: marked as done ([CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver)
Your message dated Mon, 08 Dec 2014 15:32:27 + with message-id e1xy0iv-000682...@franck.debian.org
and subject line Bug#762745: fixed in libvncserver 0.9.9+dfsg-1+deb7u1
has caused the Debian Bug report #762745,
regarding [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
762745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libvncserver
Severity: important
Tags: security

Hi there,

the following vulnerabilities were published for libVNCserver:

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry.

For further information see:
http://seclists.org/oss-sec/2014/q3/639

Please adjust the affected versions in the BTS as needed and clone this bug if you are not going to fix all these problems together.

Regards, luciano
---End Message---
---BeginMessage---
Source: libvncserver
Source-Version: 0.9.9+dfsg-1+deb7u1

We believe that the bug you reported is fixed in the latest version of libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost t...@debian.org (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Nov 2014 21:34:11 +
Source: libvncserver
Binary: libvncserver0 libvncserver-dev libvncserver-config libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Luca Falavigna dktrkr...@debian.org
Changed-By: Tobias Frost t...@debian.org
Description:
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc - VNC server to allow remote access to a tty
Closes: 762745
Changes:
 libvncserver (0.9.9+dfsg-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload for the Security Team.
   * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
     CVE-2014-6055: Multiple issues in libVNCserver -- cherry picking
     targeted fixed from upstream.
     (Closes: #762745)

Bug#762745: marked as done ([CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver)
Your message dated Fri, 28 Nov 2014 16:34:50 + with message-id e1xuovo-0007k4...@franck.debian.org
and subject line Bug#762745: fixed in libvncserver 0.9.9+dfsg-6.1
has caused the Debian Bug report #762745,
regarding [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
762745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libvncserver
Severity: important
Tags: security

Hi there,

the following vulnerabilities were published for libVNCserver:

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry.

For further information see:
http://seclists.org/oss-sec/2014/q3/639

Please adjust the affected versions in the BTS as needed and clone this bug if you are not going to fix all these problems together.

Regards, luciano
---End Message---
---BeginMessage---
Source: libvncserver
Source-Version: 0.9.9+dfsg-6.1

We believe that the bug you reported is fixed in the latest version of libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost t...@debian.org (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Nov 2014 16:19:53 +0100
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-6.1
Distribution: unstable
Urgency: medium
Maintainer: Luca Falavigna dktrkr...@debian.org
Changed-By: Tobias Frost t...@debian.org
Description:
 libvncclient0 - API to write one's own vnc server - client library
 libvncclient0-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc - VNC server to allow remote access to a tty
Closes: 762745
Changes:
 libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
     CVE-2014-6055: Multiple issues in libVNCserver -- cherry picking
     targeted fixed from upstream (Closes: #762745)