Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 551d8d68 by Salvatore Bonaccorso at 2022-04-13T06:53:21+02:00 Mark CVE-2022-23967/tightvnc as resolved with same patch as for CVE-2019-15679 Though this is not completely clear if it's the same issue, according to the research from the maintainer the patch for CVE-2019-15679 addresses the issue reported as CVE-2022-23967. Sync up the information. Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007239#10 Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007239#20 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -14444,8 +14444,9 @@ CVE-2022-23969 CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...) NOT-FOR-US: Xerox CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...) - - tightvnc <undetermined> (bug #1007239) - TODO: check if debian/patches/CVE-2019-15679.patch is sufficient + - tightvnc 1:1.3.9-9.1 (bug #1007239) + [buster] - tightvnc 1:1.3.9-9deb10u1 + [stretch] - tightvnc 1:1.3.9-9+deb9u1 NOTE: https://github.com/MaherAzzouzi/CVE-2022-23967 CVE-2022-23966 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551d8d68a118608b9efda9f21c4d68becc245b17 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551d8d68a118608b9efda9f21c4d68becc245b17 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
