Your message dated Thu, 02 Jul 2026 20:36:28 +0000
with message-id <[email protected]>
and subject line Bug#1138253: fixed in libvncserver 0.9.14+dfsg-1+deb12u2
has caused the Debian Bug report #1138253,
regarding libvncserver: Attacker-controlled heap out-of-bounds write in 
libvncclient Tight decoder
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1138253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.15+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

GHSA-v9pm-47h4-jcq8 (no CVE yet) describes:
Attacker-controlled heap out-of-bounds write in libvncclient Tight
decoder:
| A malicious (or man-in-the-middle) VNC server can force a connecting
| libvncclient to write attacker-controlled data past the end of its
| framebuffer. This is an out-of-bounds heap write with attacker-
| controlled length, contents, and offset. It needs no authentication
| (the attacker is the server), works in a default build with default
| settings, and fires from a single FramebufferUpdate the moment the
| victim connects. It crashes any client unconditionally (denial of
| service); we also demonstrated it overwriting an application callback
| pointer and redirecting execution to attacker-chosen code (code
| execution) under the default configuration.
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-v9pm-47h4-jcq8

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.14+dfsg-1+deb12u2
Done: Sven Geuer <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Jun 2026 12:51:14 +0200
Source: libvncserver
Architecture: source
Version: 0.9.14+dfsg-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Remote Maintainers <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1138174 1138253
Changes:
 libvncserver (0.9.14+dfsg-1+deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * debian/patches:
     + CVE-2026-44988: Add 0003_CVE-2026-44988.patch fixing Tight gradient
       decoding overflow (Closes: #1138174).
     + CVE-2026-50538: Add 0004_CVE-2026-50538.patch fixing attacker-controlled
       heap out-of-bounds write (Closes: #1138253).
Checksums-Sha1:
 af3707ca73e65bf8200af68fdd9f009a31b854a7 2348 
libvncserver_0.9.14+dfsg-1+deb12u2.dsc
 6b0bd3dad38e456303b9ff8051515c9dc820968a 17700 
libvncserver_0.9.14+dfsg-1+deb12u2.debian.tar.xz
 4b2d9d927185e12d90078857f6bca6402231714a 8886 
libvncserver_0.9.14+dfsg-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
 23fd1d7707943657e7a8b9da616ba93d24c96967c357e6b2d5570806f5b15008 2348 
libvncserver_0.9.14+dfsg-1+deb12u2.dsc
 ca60b388eb440585581985edc3e6b8487404345c292d41099b32fb277a3eea1e 17700 
libvncserver_0.9.14+dfsg-1+deb12u2.debian.tar.xz
 4bf871f07bcc1b368043dd799d073e2aca758d88c4db5dc35b3565d6b92cddcb 8886 
libvncserver_0.9.14+dfsg-1+deb12u2_amd64.buildinfo
Files:
 ff977c7baaed336a743423cc184aa61f 2348 libs optional 
libvncserver_0.9.14+dfsg-1+deb12u2.dsc
 c5e58458d51ad1f72a92a394d9f70173 17700 libs optional 
libvncserver_0.9.14+dfsg-1+deb12u2.debian.tar.xz
 66696574981bf82555dc84c6fae017c0 8886 libs optional 
libvncserver_0.9.14+dfsg-1+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAmpGGgoPHHNnZUBkZWJp
YW4ub3JnAAoJEK31Dtr4rdWFbr0P/2XQCFnH3OcN274wIfbpheHrbtH3GI+f+8PS
wRGh4OLRptWnnnxYZTvMRmO9YO2LOoBVqaJZ/NLonLFojTKVg9liG6sHfIDbJx7c
MX+uFbvZ8V9vL8d0vyWYo3IbcuamVaHZk2P0mELiXJzVos7Elyh7x14JAkELrJOh
p+MHifqVs72dYf8RZ0IpNzOIS8rIJL6wOrGqkeVLo+3lHun1WUB63ihhp+ZDe0Wq
qX6NdVohOQq7l+fBSN1NFlWh0NcO0AinEK8HVeLELSeJR9qureneBWxNWBHF5JC9
xzu2VLiUHmK4XF8CmttXeGWfjcw56NwiD0em80Ox6vu7eQ04qWmx9zWoNgT3wCP4
nJqPjhAS7OhCKQpMLCiVovoXqq46pv2NhYR172K1buWvabYmrWReNeYmncz0cwtk
/mZJeJ661rtvSGgLuGBfWDcMc0dOzTCcjpblvcGuwZgcrUFyRYIWBhzgqf+2TBne
mfBKKhsMW/LlzkSq7Tn9npB2LikUQdL3XS2VRwoW4Q3w3kPrcqgFLHZnM1Rqk9Dy
YnKYFljTtgkTtzXQvbaoj3s9wHIDR1HuKVoxT8gyjGLx/OxnM6b/LdGk3PtTEM5f
XhnBW9p7kEN08/mt3uikazMKhFPKkqKHOJaG8LTtL1tAkhiB8KJm6cq8BMYHelh0
aJkzs+AN
=uxjs
-----END PGP SIGNATURE-----

Attachment: pgpAw0uQF8Ki_.pgp
Description: PGP signature


--- End Message ---

Reply via email to