[Git][security-tracker-team/security-tracker][master] Mark tightvnc issues as no-dsa

Salvatore Bonaccorso Mon, 30 Dec 2019 02:55:53 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
eeb3197c by Salvatore Bonaccorso at 2019-12-30T10:54:27Z
Mark tightvnc issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19313,12 +19313,16 @@ CVE-2019-15680 (TightVNC code version 1.3.10 contains 
null pointer dereference i
 CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in 
Initiali ...)
        {DLA-2045-1}
        - tightvnc 1:1.3.9-9.1 (bug #945364)
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
        NOTE: part of CVE-2018-20748/libvncserver
 CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in 
rfbServe ...)
        {DLA-2045-1}
        - tightvnc 1:1.3.9-9.1 (bug #945364)
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
        NOTE: part of CVE-2018-20748/libvnvserver
@@ -42779,6 +42783,8 @@ CVE-2019-8288 (Vulnerability in Online Store v1.0, 
Stored XSS in user_view.php w
 CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in 
Handle ...)
        {DLA-2045-1}
        - tightvnc 1:1.3.9-9.1 (bug #945364)
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
        NOTE: same as CVE-2018-20020/libvncserver
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky 
Internet Sec ...)
@@ -59764,6 +59770,8 @@ CVE-2018-20022 (LibVNC before 
2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
        - italc <removed>
        - ssvnc 1.0.29-5 (bug #945827)
        - tightvnc 1:1.3.9-9.1
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        - veyon 4.1.4+repack1-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/252
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
@@ -59774,6 +59782,8 @@ CVE-2018-20021 (LibVNC before commit 
c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
        - italc <removed>
        - ssvnc 1.0.29-5 (bug #945827)
        - tightvnc 1:1.3.9-9.1
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        - veyon 4.1.4+repack1-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/251
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
@@ -98354,6 +98364,8 @@ CVE-2018-7225 (An issue was discovered in LibVNCServer 
through 0.9.11. rfbProces
        - libvncserver 0.9.11+dfsg-1.1 (bug #894045)
        - italc <removed>
        - tightvnc 1:1.3.9-9.1
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        - vino <unfixed> (bug #945784)
        NOTE: https://github.com/LibVNC/libvncserver/issues/218
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
@@ -236286,6 +236298,8 @@ CVE-2014-6053 (The rfbProcessClientNormalMessage 
function in libvncserver/rfbser
        - libvncserver 0.9.9+dfsg-6.1 (bug #762745)
        - italc 1:3.0.1+dfsg1-1
        - tightvnc 1:1.3.9-9.1
+       [buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point 
release)
        - vino <unfixed> (bug #945784)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c 
in LibV ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eeb3197c3b0b405318ca720483b7f39b481293a2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eeb3197c3b0b405318ca720483b7f39b481293a2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Mark tightvnc issues as no-dsa

Reply via email to