Your message dated Sat, 04 Jul 2026 17:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1132166: fixed in tigervnc 1.15.0+dfsg-2.1~deb13u1
has caused the Debian Bug report #1132166,
regarding tigervnc: CVE-2026-34352
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1132166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132166
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tigervnc
Version: 1.15.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tigervnc.

CVE-2026-34352[0]:
| In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other
| users to observe or manipulate the screen contents, or cause an
| application crash, because of incorrect permissions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34352
    https://www.cve.org/CVERecord?id=CVE-2026-34352
[1] https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
[2] https://www.openwall.com/lists/oss-security/2026/03/26/7
[3] 
https://github.com/TigerVNC/tigervnc/commit/a3fbb54278ebe91bf573f44b32d64e78a33a4828

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tigervnc
Source-Version: 1.15.0+dfsg-2.1~deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tigervnc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated tigervnc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Jul 2026 19:13:02 +0300
Source: tigervnc
Architecture: source
Version: 1.15.0+dfsg-2.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: TigerVNC Packaging Team <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1132166
Changes:
 tigervnc (1.15.0+dfsg-2.1~deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for trixie.
 .
 tigervnc (1.15.0+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-34352: Prevent other users reading x0vncserver screen
     (Closes: #1132166)
Checksums-Sha1:
 e27cb5cd5a8642f94eb5c4c33812a6fc1b0199ec 4098 
tigervnc_1.15.0+dfsg-2.1~deb13u1.dsc
 a6ce9b905a663a709f7d8978310dd58869c27b6b 1542448 
tigervnc_1.15.0+dfsg.orig.tar.xz
 f65172491d356365f14c490dc2c42dd83a764575 624544 
tigervnc_1.15.0+dfsg-2.1~deb13u1.debian.tar.xz
Checksums-Sha256:
 0cc8728e849eac81cc6e41511fbf03b7d3df9aedfc5469e8268640aff4eef12d 4098 
tigervnc_1.15.0+dfsg-2.1~deb13u1.dsc
 aff2da93470f207df00d928738485b61a5bfa14dd8af509d4e104a04dfc884ee 1542448 
tigervnc_1.15.0+dfsg.orig.tar.xz
 8f778eea93946622964c3e9cf5f6aeb28cb385fc8099b61b8b67226141fd7739 624544 
tigervnc_1.15.0+dfsg-2.1~deb13u1.debian.tar.xz
Files:
 05f4706a2dfaff06251c1f0d2cb14c15 4098 x11 optional 
tigervnc_1.15.0+dfsg-2.1~deb13u1.dsc
 2b1fb7d4a111370d427e46f107bf43fc 1542448 x11 optional 
tigervnc_1.15.0+dfsg.orig.tar.xz
 b54ba643d55b681261b598c0e2ae56d5 624544 x11 optional 
tigervnc_1.15.0+dfsg-2.1~deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpH7EYACgkQiNJCh6LY
mLFy4g/8CimpWHo7ZxJ+LKNy0O2ekR9unKeRIMzJYkSDtXH2RJIiMWpKxhw+qu6e
aG22BY3NgdyqYJXDx0RVt8CBPAlzpriZPjT428CoyphczA9FqyywJcAVLW8XfWG/
JRfxdEGZ1Q+TSzLLP+5k9iZ53O3feL20UNgVLKon+XbAbI8NBM+OlG4w7v83LEjb
xdyKON7nuIm9bMowxlBsyHh4P7VrvRpe3nBaTfVGcgMgZpToWTlTUh5hffkNcUs/
6Bs0CtQEKfm8miExng4Tf896y3vFUuhgY+1hPxY0Vpsr1fltYsWktiHcMLNtgYQp
jtNusRb88m8czSBP32v/QSaA9ZT/oCrsl8TfHZciLqgpvExYd7raVZwKab7sYVZq
HR/j1nZ/faS0eQOsEODjE/IGW/MDhUS8V3Zo+7wqz7ZnBJyq6S1mEbotVQJW2KeE
SGwb/tKjfS8w8dJ7KiWqwLmv+bUJUOKyQNcIV5h/qpRb5hHobBGhwsdlnBLQ8Jat
yE/qi/Kh0Mn4ds/zhBuyYKRnSefejoNJsKE4Ig2TSyPs1Mg2i+glPseGMMjBzL1p
BJfP674w2kS+rkXiy/d08A9MzOCW2OPkGJlbSm4Ih70RwkrhIh5/RatXCA8P3p5X
HyRhqsGuoJIe7MbzLeLuH9T5GroDq3Hnbr2PtvMALnPGSSS47Qs=
=Dr1Q
-----END PGP SIGNATURE-----

Attachment: pgp1viPmlx09L.pgp
Description: PGP signature


--- End Message ---

Reply via email to