Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 75c8b509 by Salvatore Bonaccorso at 2019-01-04T13:10:00Z Partially revert "stretch triage" This (partially) reverts commit b7e957b2a9683e5dad951168524f7b2bfe5e2dde. CVE-2018-15126 affects the libvncserver codebase on 0.9.11 but the patchset to be applied is refactoring and introducing two new symbols to fix the issue. Similar conclusion reached by SuSE triage at https://bugzilla.novell.com/show_bug.cgi?id=1120114#c3 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24226,7 +24226,8 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/ CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...) - - libvncserver <not-affected> (Vulnerable code introduced after 0.9.11 release) + - libvncserver <unfixed> (bug #916941) + [jessie] - libvncserver <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibVNC/libvncserver/issues/242 NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242) NOTE: Individual commits: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
