Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 105dfeb7 by Sylvain Beucler at 2020-03-18T14:56:41+01:00 libvncserver: reference embedded copies Builds on initial research at https://lists.debian.org/debian-lts/2019/10/msg00094.html - - - - - 77a25a7a by Sylvain Beucler at 2020-03-18T15:00:30+01:00 CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot - - - - - 2 changed files: - data/CVE/list - data/embedded-code-copies Changes: ===================================== data/CVE/list ===================================== @@ -35466,6 +35466,11 @@ CVE-2019-15690 RESERVED {DLA-2146-1} - libvncserver <unfixed> (bug #954163) + - italc <removed> + - ssvnc <unfixed> + - tightvnc <unfixed> + - veyon 4.3.1+repack1-1 + - vncsnapshot <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/LibVNC/libvncserver/issues/381 NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed ===================================== data/embedded-code-copies ===================================== @@ -544,8 +544,18 @@ libmodplug - gst-plugins-bad0.10 0.10.10.2-1 (embed) libvncserver - - vino <unfixed> (embed) - - krfb <unfixed> (embed) + - krfb 4:14.12.2-1 (embed) [libvncserver/rfbserver.c] + - italc <removed> (embed) [ica/x11/libvnc*] + - ssvnc <unfixed> (modified-embed) [vnc_unixsrc/*] + NOTE: client code only + - tigervnc <unfixable> (fork) + - tightvnc <unfixable> (fork) + - vncsnapshot <unfixed> (embed) + NOTE: client code only, small files subset + - veyon <unfixed> (embed) [3rdparty/libvncserver/libvncclient/*] + NOTE: uses system-wide libvncserver, but still bundles libvncclient + - vino <unfixed> (embed) [server/libvncserver/*] + NOTE: server code only putty - filezilla <unfixed> (embed) @@ -704,7 +714,7 @@ lzo2 - remmina <unfixed> (embed) - blender <unfixed> (embed) - x11vnc <unfixed> (embed) - - italc <unfixed> (embed) + - italc <removed> (embed) - dump <unfixed> (embed) - krfb <unfixed> (embed) - nfdump <unfixed> (embed) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d73be68c1b8a1cece5e9541cc6725901587dfba...77a25a7a8a60d1005185d4a5ba2c2f57c3618830 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d73be68c1b8a1cece5e9541cc6725901587dfba...77a25a7a8a60d1005185d4a5ba2c2f57c3618830 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
