-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: libvncserver
Version: 0.9.9+dfsg-1+deb7u3
CVE ID : CVE-2018-7225
Debian Bug : 894045
libvncserver version through 0.9.11. does not sanitize msg.cct.length
which may result in access to uninitialized and
On Friday 30 March 2018 11:28 PM, Ola Lundqvist wrote:
> Hi
>
> I have re-built the package and uploaded now. Will you send the DLA or
> do you want me to do that too?
>
> // Ola
>
Thanks.
I will send the DLA.
--abhijith
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 29 Mar 2018 22:55:20 +0530
Source: libvncserver
Binary: libvncserver0 libvncserver-dev libvncserver-config libvncserver0-dbg
linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-1+deb7u3
Distribution: wheezy-security
Hi
We can simply send a DLA-1283-2 telling that it was not fixed.
// Ola
On 29 March 2018 at 21:34, Antoine Beaupré wrote:
> On 2018-03-27 07:38:43, Brian May wrote:
> > Antoine Beaupré writes:
> >
> >> I'm not sure. The security team marked
Package: mercurial
Version: 2.2.2-4+deb7u7
CVE ID : CVE-2018-1000132
Debian Bug : 892964
Mercurial version 4.5 and earlier contains a Incorrect Access Control
(CWE-285) vulnerability in Protocol server that can result in
Unauthorized data access. This attack appear to
Package: openssl
Version: 1.0.1t-1+deb7u4
CVE ID : CVE-2018-0739
It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.
Details can be found in the upstream advisory:
On Fri, Mar 30, 2018 at 10:15:41AM +0530, Abhijith PA wrote:
> Drop rene@, jmm@, 892...@bugs.debian.org.
>
>
> On Tuesday 20 March 2018 01:47 AM, Moritz Mühlenhoff wrote:
> > On Mon, Mar 19, 2018 at 05:04:17PM +0100, Rene Engelhard wrote:
> >> I am not going over the .-release procedure for