Your message dated Fri, 10 Feb 2017 16:48:39 +0000
with message-id <[email protected]>
and subject line Bug#854450: fixed in gtk-vnc 0.6.0-3
has caused the Debian Bug report #854450,
regarding gtk-vnc: CVE-2017-5884 CVE-2017-5885
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
854450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gtk-vnc
Severity: important
Tags: security
Hi,
the following vulnerabilities were published for gtk-vnc.
CVE-2017-5885[0]:
CVE-2017-5884[1]:
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5885
[1] https://security-tracker.debian.org/tracker/CVE-2017-5884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5884
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: gtk-vnc
Source-Version: 0.6.0-3
We believe that the bug you reported is fixed in the latest version of
gtk-vnc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated gtk-vnc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Feb 2017 14:20:29 +0100
Source: gtk-vnc
Binary: libgvnc-1.0-0 libgvnc-1.0-0-dbg libgvnc-1.0-dev libgtk-vnc-1.0-0
libgtk-vnc-1.0-0-dbg libgtk-vnc-1.0-dev libgtk-vnc-2.0-0 libgtk-vnc-2.0-0-dbg
libgtk-vnc-2.0-dev gir1.2-gtk-vnc-2.0 python-gtk-vnc gvncviewer
Architecture: source
Version: 0.6.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Closes: 854450
Description:
gir1.2-gtk-vnc-2.0 - GObject introspection data for GTK-VNC
gvncviewer - VNC viewer using gtk-vnc
libgtk-vnc-1.0-0-dbg - VNC viewer widget for GTK+2 (debugging symbols)
libgtk-vnc-1.0-0 - VNC viewer widget for GTK+2 (runtime libraries)
libgtk-vnc-1.0-dev - VNC viewer widget for GTK+2 (development files)
libgtk-vnc-2.0-0-dbg - VNC viewer widget for GTK+3 (debugging symbols)
libgtk-vnc-2.0-0 - VNC viewer widget for GTK+3 (runtime libraries)
libgtk-vnc-2.0-dev - VNC viewer widget for GTK+3 (development files)
libgvnc-1.0-0-dbg - VNC GObject wrapper (debugging symbols)
libgvnc-1.0-0 - VNC GObject wrapper (runtime libraries)
libgvnc-1.0-dev - VNC GObject wrapper (development files)
python-gtk-vnc - VNC viewer widget for GTK+2 (Python binding)
Changes:
gtk-vnc (0.6.0-3) unstable; urgency=medium
.
* [b8d9918] CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect
encodings
* [ca87ace] CVE-2017-5885: Correctly validate color map range indexes
(Closes: #854450)
* [0e71020] Link against GIO_LIBS explicitly to fix build failure
* [7d3fdde] Rediff patches to make them more git-format-patch compatible
Checksums-Sha1:
b6fd43b5e5d9cc110fd669d1dd060680877336f5 2984 gtk-vnc_0.6.0-3.dsc
ab35a05291d4905b64d69099e06efdc3fd21be7e 16920 gtk-vnc_0.6.0-3.debian.tar.xz
Checksums-Sha256:
8b7a27c2ce051b800035bc3560db4413b26d58e75767ac1e07f30fafa9fd4964 2984
gtk-vnc_0.6.0-3.dsc
c44f0e6345b29ba271f56c0298d3df83f27c08de73c4f43f86da61e9df703b5b 16920
gtk-vnc_0.6.0-3.debian.tar.xz
Files:
3e37f49e46e485143906fc9e4b8b4343 2984 gnome optional gtk-vnc_0.6.0-3.dsc
8d99057ab7473624693b1ed29601ba88 16920 gnome optional
gtk-vnc_0.6.0-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAlidwAoACgkQB7i3sOqY
Egu45xAAzmH0Om1EfOZ/6a1CJHRJfDzzJq0iFpx4L8cBdhTd0LDUMHEtzZpdSgQS
Qwyid/1EEQcLLVyPPu4ReLb/CDd4gSLwobnhRosv7x++7BjMI506+yUmxV074SwT
QbJ1KqffYTpDlKQiew0NcB/8smqNJkI2C9LbZeG5W5U5vuEwAei8wxv/rjskLSHy
OS0b4FWsnEu5W7Z3aHpsA0t3cB7ci+qes3y7X/OcgXP1QtF5K5FsZzLsC/HNkfIO
9LVX2K5DWvJIX75OTLY2lM1LjiYCOyNwGR8+XEJuSmi0VIxQAAn+PH2WgefJbYiS
PIuiDes7Qxd585e0JNyRUVU2Hcrh/LR9NGHTgPn7tgeQoj3dO8/ibh22FlAr3a9J
xLA9SvLpKe+b5mct4ThU3RIkSpisYVmd/CNykl/cfzpPBPq/9xE0uDlLj6+NTDTu
FJdKdJwBcZBIxigW7duAZDMFEN88qA3HL+0DpNrpbTK9EycsSa8LYGpxX4ZsiAcr
Vx7T7Qiouu/nL1GHcvByqA75G9wlCgZX3OO/kQI7nO4NZqBvt4HqAlEPOL30mJxe
0v71dXfULgQ+4iOwH5HYVq1Vf+sNW0N+Y+GhlTjKw4UFH1OgI9YxY0OW9NfDrVem
a7bcYbG6QdIcktiK7NgL7f6IZKjH3WPbo8TWP7XtIvJ7VLeeVmA=
=/N04
-----END PGP SIGNATURE-----
--- End Message ---