Your message dated Fri, 03 Jul 2026 06:35:07 +0000
with message-id <[email protected]>
and subject line Bug#1132166: fixed in tigervnc 1.15.0+dfsg-2.1
has caused the Debian Bug report #1132166,
regarding tigervnc: CVE-2026-34352
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1132166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132166
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tigervnc
Version: 1.15.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tigervnc.

CVE-2026-34352[0]:
| In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other
| users to observe or manipulate the screen contents, or cause an
| application crash, because of incorrect permissions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34352
    https://www.cve.org/CVERecord?id=CVE-2026-34352
[1] https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
[2] https://www.openwall.com/lists/oss-security/2026/03/26/7
[3] 
https://github.com/TigerVNC/tigervnc/commit/a3fbb54278ebe91bf573f44b32d64e78a33a4828

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tigervnc
Source-Version: 1.15.0+dfsg-2.1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tigervnc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated tigervnc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Jul 2026 11:47:57 +0300
Source: tigervnc
Architecture: source
Version: 1.15.0+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: TigerVNC Packaging Team <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1132166
Changes:
 tigervnc (1.15.0+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-34352: Prevent other users reading x0vncserver screen
     (Closes: #1132166)
Checksums-Sha1:
 2975ba3fc76dd3fe962aed8b531d5a1577efb9a0 4065 tigervnc_1.15.0+dfsg-2.1.dsc
 1e30970992c209087b885d88508328e3628e03c6 624480 
tigervnc_1.15.0+dfsg-2.1.debian.tar.xz
Checksums-Sha256:
 b00d7c28c5fce6e5145748a6f544b03b89c013ee6c631843f1231ca36264b0a0 4065 
tigervnc_1.15.0+dfsg-2.1.dsc
 eef276e819e06f8a472e29aa50930e2da5d2465b1353514ea08f001a1a4d9352 624480 
tigervnc_1.15.0+dfsg-2.1.debian.tar.xz
Files:
 5a02c848072862aa21b875e4baec49ff 4065 x11 optional tigervnc_1.15.0+dfsg-2.1.dsc
 b70f2036a3fd2110e4c0e499bec66056 624480 x11 optional 
tigervnc_1.15.0+dfsg-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpE1rcACgkQiNJCh6LY
mLFybxAAjnxsJ7skw4ceq2iD+341SxQa6rTYPAg87xh0DUfsTz7SPwuC+Vbd0pv8
ACDCcrk5++b466UeFmXCBjHksi/Mq5/lwplgvf7nG1/yOIqPHqBNI0Phn6J3Y+tN
Q+F3PGyuetaBpAjJTI28Wv2ssVDNxtBuTmTAiqekYLH5xuEA16pa43AnYv7yOKFx
D44SNPPcO4KnbjoR2e2uX9q2h01MlFymzdQQ1YyDNhCgig+1F3xZysrsP5mTBHr8
t+a71BeLcGbrAi0qgDyktNFqSQSoaawuiudkdpYMqWO6v3lLwX1IhLIDzj6gVerC
DxGwJpxMV9dGkFWQESibs9KrnEzIo8uKASAZeBhnqryuKlaIPhxI1INCfJ+dVvNu
pRYano9K9VPMIgFhd4BWZNcflJKHTtRtHoKAIHAXBQ4tdsQVgUm5PQaltWcSHizp
UUul+DMJDxyt3M8l81eoVlH6o5ugwkU0VGFX8ZFJeBetrXa1+frkusPj4wn52XDc
izFxCutHqR685VUti6YsEbo+037YRf26d39PbP6kRO9cnGdvUf/Y9p7ucMBJOYsq
aIhVmJn7Vl5z3zB3jf5yxBox3hgm2R0Kt/PH9K2EOsceXt67OLlAoKlrEnHbL7nk
SpyfU+7M1WmdWWmaXrCvlXQMxgSUJNQXkmtnjk+K6aHziLXMEp8=
=Zq0I
-----END PGP SIGNATURE-----

Attachment: pgpKZKsQWkDE3.pgp
Description: PGP signature


--- End Message ---

Reply via email to