Control: tags 1132166 + patch
Control: tags 1132166 + pending

Dear maintainer,

I've prepared an NMU for tigervnc (versioned as 1.15.0+dfsg-2.1) and 
uploaded it to DELAYED/2. Please feel free to tell me if I should
cancel it.

cu
Adrian
diffstat for tigervnc-1.15.0+dfsg tigervnc-1.15.0+dfsg

 changelog                                                         |    8 ++
 patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch |   28 ++++++++++
 patches/series                                                    |    1 
 3 files changed, 37 insertions(+)

diff -Nru tigervnc-1.15.0+dfsg/debian/changelog tigervnc-1.15.0+dfsg/debian/changelog
--- tigervnc-1.15.0+dfsg/debian/changelog	2025-05-06 01:30:59.000000000 +0300
+++ tigervnc-1.15.0+dfsg/debian/changelog	2026-07-01 11:47:57.000000000 +0300
@@ -1,3 +1,11 @@
+tigervnc (1.15.0+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-34352: Prevent other users reading x0vncserver screen
+    (Closes: #1132166)
+
+ -- Adrian Bunk <[email protected]>  Wed, 01 Jul 2026 11:47:57 +0300
+
 tigervnc (1.15.0+dfsg-2) unstable; urgency=medium
 
   [ Stephan Springl ]
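Review bot: The CVE-2026-34352 line in the new changelog entry does not name the file it adds. Consider appending the patch name, for example "Add 0001-Prevent-other-users-reading-x0vncserver-screen.patch", so the entry can be matched against debian/patches/series without opening the debdiff.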
diff -Nru tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch
--- tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch	1970-01-01 02:00:00.000000000 +0200
+++ tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch	2026-07-01 11:47:08.000000000 +0300
@@ -0,0 +1,28 @@
+From 8010762320e95f56152af4e327b3fe19b27e6d37 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <[email protected]>
+Date: Tue, 24 Mar 2026 09:52:01 +0100
+Subject: Prevent other users reading x0vncserver screen
+
+Prevent other users from observing the screen, or modifying what is sent
+to the client. Malicious attackers can even crash x0vncserver if they
+time the modifications right.
+---
+ unix/x0vncserver/Image.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx
+index bfe5e730..77554ea3 100644
+--- a/unix/x0vncserver/Image.cxx
++++ b/unix/x0vncserver/Image.cxx
+@@ -287,7 +287,7 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo)
+ 
+   shminfo->shmid = shmget(IPC_PRIVATE,
+                           xim->bytes_per_line * xim->height,
+-                          IPC_CREAT|0777);
++                          IPC_CREAT|0600);
+   if (shminfo->shmid == -1) {
+     perror("shmget");
+     vlog.error("shmget() failed (%d bytes requested)",
+-- 
+2.47.3
+
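Review bot: The 0600 mode on the shmget() call in ShmImage::Init only applies when a segment is created, so an x0vncserver process started before the upgrade keeps its 0777 segment until it is restarted. It would be worth stating that in the changelog, or confirming that the upgrade restarts running instances. The embedded patch could also carry Origin and Bug-Debian header fields next to From/Date/Subject to tie it to #1132166.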
diff -Nru tigervnc-1.15.0+dfsg/debian/patches/series tigervnc-1.15.0+dfsg/debian/patches/series
--- tigervnc-1.15.0+dfsg/debian/patches/series	2025-05-06 01:30:32.000000000 +0300
+++ tigervnc-1.15.0+dfsg/debian/patches/series	2026-07-01 11:47:56.000000000 +0300
@@ -39,3 +39,4 @@
 
 # The following patches are security fixes
 CVE-2014-8240-849479.patch
+0001-Prevent-other-users-reading-x0vncserver-screen.patch
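Review bot: The new series entry sits under "The following patches are security fixes" but, unlike CVE-2014-8240-849479.patch just above it, its file name carries neither the CVE id nor the bug number. Renaming it along the lines of CVE-2026-34352-1132166.patch would keep the section consistent and make the fix easy to find; the 0001- prefix left over from git format-patch adds nothing here.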