Bug#816734: vnc4server: authentication bypassing (secType enforcement failure)

2016-05-03 Thread Ola Lundqvist
Hi Roman

Thanks for the report. Sorry for the answer delay. This mail was hidden among a number of auto-generated bugs so I did not spot it until today. I'll have a look at this asap.

// Ola

On Fri, Mar 4, 2016 at 4:56 PM, wrote:
> Package: vnc4
> Version: 4.1.1 X4.3.0-37.6

Bug#816734: vnc4server: authentication bypassing (secType enforcement failure)

2016-03-04 Thread roman
Package: vnc4
Version: 4.1.1 X4.3.0-37.6 b1
Tags: security,fixed-upstream

Hello!

Today I stumbled upon the fact that the current Xvnc4 server delivered by Debian is vulnerable to a 10-year-old security problem, namely CVE-2006-2369. In short: If a VNC password is configured, but a malicious