Control: tags 1132166 + patch
Control: tags 1132166 + pending

Dear maintainer,

I've prepared an NMU for tigervnc (versioned as 1.15.0+dfsg-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it.

cu
Adrian

diffstat for tigervnc-1.15.0+dfsg tigervnc-1.15.0+dfsg changelog | 8 ++ patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch | 28 ++++++++++ patches/series | 1 3 files changed, 37 insertions(+) diff -Nru tigervnc-1.15.0+dfsg/debian/changelog tigervnc-1.15.0+dfsg/debian/changelog --- tigervnc-1.15.0+dfsg/debian/changelog 2025-05-06 01:30:59.000000000 +0300 +++ tigervnc-1.15.0+dfsg/debian/changelog 2026-07-01 11:47:57.000000000 +0300 @@ -1,3 +1,11 @@ +tigervnc (1.15.0+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2026-34352: Prevent other users reading x0vncserver screen + (Closes: #1132166) + + -- Adrian Bunk <[email protected]> Wed, 01 Jul 2026 11:47:57 +0300 + tigervnc (1.15.0+dfsg-2) unstable; urgency=medium [ Stephan Springl ] diff -Nru tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch --- tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch 1970-01-01 02:00:00.000000000 +0200 +++ tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch 2026-07-01 11:47:08.000000000 +0300 
@@ -0,0 +1,28 @@ +From 8010762320e95f56152af4e327b3fe19b27e6d37 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman <[email protected]> +Date: Tue, 24 Mar 2026 09:52:01 +0100 +Subject: Prevent other users reading x0vncserver screen + +Prevent other users from observing the screen, or modifying what is sent +to the client. Malicious attackers can even crash x0vncserver if they +time the modifications right. +--- + unix/x0vncserver/Image.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx +index bfe5e730..77554ea3 100644 +--- a/unix/x0vncserver/Image.cxx ++++ b/unix/x0vncserver/Image.cxx +@@ -287,7 +287,7 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo) + + shminfo->shmid = shmget(IPC_PRIVATE, + xim->bytes_per_line * xim->height, +- IPC_CREAT|0777); ++ IPC_CREAT|0600); + if (shminfo->shmid == -1) { + perror("shmget"); + vlog.error("shmget() failed (%d bytes requested)", +-- +2.47.3 + diff -Nru tigervnc-1.15.0+dfsg/debian/patches/series tigervnc-1.15.0+dfsg/debian/patches/series --- tigervnc-1.15.0+dfsg/debian/patches/series 2025-05-06 01:30:32.000000000 +0300 +++ tigervnc-1.15.0+dfsg/debian/patches/series 2026-07-01 11:47:56.000000000 +0300 @@ -39,3 +39,4 @@ # The following patches are security fixes CVE-2014-8240-849479.patch +0001-Prevent-other-users-reading-x0vncserver-screen.patch
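Review bot: In the Image.cxx hunk, the `shmget(IPC_PRIVATE, ..., IPC_CREAT|0600)` call in `ShmImage::Init` has no comment saying that the owner-only mode is deliberate, so a later cleanup could loosen it again. Suggest a one-line comment above the call stating that the segment holds screen contents and must not be readable or writable by other users. The mode is applied only when the segment is created, so an already running x0vncserver keeps its old `0777` segments until it is restarted; the changelog entry could say so. Since this segment is shared with the X server, it is also worth confirming while testing the NMU that x0vncserver still works with `0600` when the X server runs under a different uid.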
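Review bot: In the debian/patches/series hunk, the new entry `0001-Prevent-other-users-reading-x0vncserver-screen.patch` sits under `# The following patches are security fixes` next to `CVE-2014-8240-849479.patch`, but its file name carries neither the CVE id nor the bug number. Renaming it along the existing pattern, using CVE-2026-34352 and 1132166 from the changelog entry, would keep the series file self-describing. The patch header has From, Date and Subject but no Bug-Debian field; adding one that points at #1132166 would tie the patch to the bug it closes.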

