Your message dated Thu, 02 Jul 2026 20:36:11 +0000
with message-id <[email protected]>
and subject line Bug#1138253: fixed in libvncserver 0.9.15+dfsg-1+deb13u2
has caused the Debian Bug report #1138253,
regarding libvncserver: Attacker-controlled heap out-of-bounds write in
libvncclient Tight decoder
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.15+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
GHSA-v9pm-47h4-jcq8 (no CVE yet) describes:
Attacker-controlled heap out-of-bounds write in libvncclient Tight
decoder:
| A malicious (or man-in-the-middle) VNC server can force a connecting
| libvncclient to write attacker-controlled data past the end of its
| framebuffer. This is an out-of-bounds heap write with attacker-
| controlled length, contents, and offset. It needs no authentication
| (the attacker is the server), works in a default build with default
| settings, and fires from a single FramebufferUpdate the moment the
| victim connects. It crashes any client unconditionally (denial of
| service); we also demonstrated it overwriting an application callback
| pointer and redirecting execution to attacker-chosen code (code
| execution) under the default configuration.
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-v9pm-47h4-jcq8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.15+dfsg-1+deb13u2
Done: Sven Geuer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated libvncserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Jun 2026 12:21:21 +0200
Source: libvncserver
Architecture: source
Version: 0.9.15+dfsg-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Debian Remote Maintainers <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1138174 1138253
Changes:
libvncserver (0.9.15+dfsg-1+deb13u2) trixie; urgency=medium
.
* Team upload.
* debian/patches:
+ CVE-2026-44988: Add 0003_CVE-2026-44988.patch fixing Tight gradient
decoding overflow (Closes: #1138174).
+ CVE-2026-50538: Add 0004_CVE-2026-50538.patch fixing attacker-controlled
heap out-of-bounds write (Closes: #1138253).
Checksums-Sha1:
07f3d2837c6f08365ec263503c2b1e2651e8e47b 2345
libvncserver_0.9.15+dfsg-1+deb13u2.dsc
05c95a8ea396500fae4d91df7f34deb878fcd4e0 20528
libvncserver_0.9.15+dfsg-1+deb13u2.debian.tar.xz
b4f2ccf8fec5f32374ce5c250d412b1e03f253e3 8747
libvncserver_0.9.15+dfsg-1+deb13u2_amd64.buildinfo
Checksums-Sha256:
3750c3660ad9fd9eaad32d8a4a5a62748687388044397142351a58af8f1f4580 2345
libvncserver_0.9.15+dfsg-1+deb13u2.dsc
2e7dea1a2f9a52509305765cefc66eb58917c26974b168df150fa3531ab65901 20528
libvncserver_0.9.15+dfsg-1+deb13u2.debian.tar.xz
e4ae6b8fd6ccd2fbd26b785d6b8f5afb5c3cbb135b67c2ad63100c11ab0d29ce 8747
libvncserver_0.9.15+dfsg-1+deb13u2_amd64.buildinfo
Files:
5a2261776984d5fd569d9ac7e59c8f89 2345 libs optional
libvncserver_0.9.15+dfsg-1+deb13u2.dsc
a82be238ec983b9210af198973c242ae 20528 libs optional
libvncserver_0.9.15+dfsg-1+deb13u2.debian.tar.xz
dde97c84fe4916c6287d514c89dbf074 8747 libs optional
libvncserver_0.9.15+dfsg-1+deb13u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAmpGGa8PHHNnZUBkZWJp
YW4ub3JnAAoJEK31Dtr4rdWFQ3UQANMhc7pm0kjgIY6BDNYs8r0TqmJlyfKfO3gP
zac0Q2/xBj5S0lVAq3arFVx7kJnyRMx3Vleyd3t9Q2zwRqAdwjyG9dOrWnoOMt4n
gsNgnYO5leZiDsrSQUhyF1hJFyXsRWqeloa+vzp8KslQDUKWRbz6cK/en4V4Ty4G
nbKOp7QkagIgw27kNUqx+njQg9td63mhX8Tbx1WfAWl6nqqF+yhBiu3hN0kz7WMI
dpRXJvFotDsJ95RgdlDFKnT4pEk6WGoMEzrVnT8bNpB5oVfYQq2lHZ3AkZershiX
8GiVfuv7I4k0Tck8uVhNOBOg5EW/wVb9J6e92BEjQYk1XsjiJ7s8Nt7bJrKb5gyA
Z3pAz9pFfefUt3DhNiOEII8nL94q1i811r0e+/P2w2TgSQjHBVx3UwVDZUI/iFuK
c0CNqDoSwB4uVEu0JgZDtA+cmal1VlGPftuwnzH4kYaZ7kIQRPe1F3Qcn3LwunqT
J4Y/oveR8RT71kzjz9X9DTwE+rt7B2A9qPq6/NLk7Vf9rTglQjvYHWShNIMbB3FG
hdH2rgQ8iKN4Ib7P0fjdq8kIYEtqZL/TdiggCNtgI8xPukM/2bkp1kDMMadFWLxQ
SYxeew1vRj+IYdowAtaMF6A2jOVTVtQW+ctRhOAG1f2XBPwym70GbKe6UCP6PaNy
V/naz14K
=lNBl
-----END PGP SIGNATURE-----
pgp09lunMKkTX.pgp
Description: PGP signature
--- End Message ---