Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknafl.at>;
Reported by: Luciano Bello <luciano@debian.org>
Date: Wed, 24 Sep 2014 21:24:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions libvncserver/0.9.9+dfsg-6.1, libvncserver/0.9.9+dfsg-1+deb7u1
Done: Tobias Frost <tobi@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Wed, 24 Sep 2014 21:24:07 GMT)
Acknowledgement sent to Luciano Bello <luciano@debian.org>: New Bug report received and forwarded. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Wed, 24 Sep 2014 21:24:07 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libvncserver
Severity: important
Tags: security

Hi there,

the following vulnerabilities were published for libVNCserver:

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.
CVE-2014-6052 Lack of malloc() return value checking on client side.
CVE-2014-6053 Server crash on a very large ClientCutText message.
CVE-2014-6054 Server crash when scaling factor is set to zero.
CVE-2014-6055 Multiple stack overflows in File Transfer feature.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
http://seclists.org/oss-sec/2014/q3/639

Please adjust the affected versions in the BTS as needed and clone this bug if you are not going to fix all these problems together.

Regards, luciano
Information forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Wed, 22 Oct 2014 11:36:04 GMT)
Acknowledgement sent to Christian Beier <dontmind@freeshell.org>: Extra info received and forwarded to list. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Wed, 22 Oct 2014 11:36:05 GMT)
Message #10 received at 762745@bugs.debian.org:
Hi,

I think all of those are fixed in the most recent upstream release:
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.10

Cheers,
Christian
Severity set to 'grave' from 'important'. Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Thu, 20 Nov 2014 22:03:21 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Sun, 23 Nov 2014 15:39:08 GMT)
Acknowledgement sent to Tobias Frost <tobi@debian.org>: Extra info received and forwarded to list. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Sun, 23 Nov 2014 15:39:08 GMT)
Message #17 received at 762745@bugs.debian.org:
Control: tags 762745 + patch

Dear maintainer,

I prepared the patch below by cherry-picking upstream patches. I did NOT yet test the resulting package, but I will do ASAP. Meanwhile feedback is appreciated.

(I will after testing probably do an NMU to DELAY/5, but I will announce that separately.)

-- tobi

Regards.

diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog --- libvncserver-0.9.9+dfsg/debian/changelog 2014-08-12 16:02:30.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/changelog 2014-11-23 16:19:53.000000000 +0100 @@ -1,3 +1,12 @@ +libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055: + Multiple issues in libVNCserver -- cherry picking targeted fixed from + upstream (Closes: #762745) + + -- Tobias Frost <tobi@debian.org> Sun, 23 Nov 2014 16:19:53 +0100 + libvncserver (0.9.9+dfsg-6) unstable; urgency=medium [ Luca Falavigna ] diff -Nru libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6051.patch libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6051.patch --- libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6051.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6051.patch 2014-11-23 15:29:25.000000000 +0100 
@@ -0,0 +1,39 @@ +Description: Fix integer overflow in MallocFrameBuffer() (CVE-2014-6051) + Promote integers to uint64_t to avoid integer overflow issue during + frame buffer allocation for very large screen sizes +Origin: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: libvncserver-0.9.9+dfsg/libvncclient/vncviewer.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncclient/vncviewer.c ++++ libvncserver-0.9.9+dfsg/libvncclient/vncviewer.c +@@ -82,9 +82,27 @@ static char* ReadPassword(rfbClient* cli + #endif + } + static rfbBool MallocFrameBuffer(rfbClient* client) { ++uint64_t allocSize; ++ + if(client->frameBuffer) + free(client->frameBuffer); +- client->frameBuffer=malloc(client->width*client->height*client->format.bitsPerPixel/8); ++ ++ /* SECURITY: promote 'width' into uint64_t so that the multiplication does not overflow ++ 'width' and 'height' are 16-bit integers per RFB protocol design ++ SIZE_MAX is the maximum value that can fit into size_t ++ */ ++ allocSize = (uint64_t)client->width * client->height * client->format.bitsPerPixel/8; ++ ++ if (allocSize >= SIZE_MAX) { ++ rfbClientErr("CRITICAL: cannot allocate frameBuffer, requested size is too large\n"); ++ return FALSE; ++ } ++ ++ client->frameBuffer=malloc( (size_t)allocSize ); ++ ++ if (client->frameBuffer == NULL) ++ rfbClientErr("CRITICAL: frameBuffer allocation failed, requested size too large or not enough memory?\n"); ++ + return client->frameBuffer?TRUE:FALSE; + } + diff -Nru libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6052.patch libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6052.patch --- libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6052.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6052.patch 2014-11-23 15:39:16.000000000 +0100 
@@ -0,0 +1,56 @@ +Description: Check for MallocFrameBuffer() return value (CVE-2014-6052) + If MallocFrameBuffer() returns FALSE, frame buffer pointer is left to + NULL. Subsequent writes into that buffer could lead to memory + corruption, or even arbitrary code execution. +Origin: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: libvncserver-0.9.9+dfsg/libvncclient/rfbproto.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncclient/rfbproto.c ++++ libvncserver-0.9.9+dfsg/libvncclient/rfbproto.c +@@ -1807,7 +1807,8 @@ HandleRFBServerMessage(rfbClient* client + client->updateRect.x = client->updateRect.y = 0; + client->updateRect.w = client->width; + client->updateRect.h = client->height; +- client->MallocFrameBuffer(client); ++ if (!client->MallocFrameBuffer(client)) ++ return FALSE; + SendFramebufferUpdateRequest(client, 0, 0, rect.r.w, rect.r.h, FALSE); + rfbClientLog("Got new framebuffer size: %dx%d\n", rect.r.w, rect.r.h); + continue; +@@ -2260,7 +2261,8 @@ HandleRFBServerMessage(rfbClient* client + client->updateRect.x = client->updateRect.y = 0; + client->updateRect.w = client->width; + client->updateRect.h = client->height; +- client->MallocFrameBuffer(client); ++ if (!client->MallocFrameBuffer(client)) ++ return FALSE; + SendFramebufferUpdateRequest(client, 0, 0, client->width, client->height, FALSE); + rfbClientLog("Got new framebuffer size: %dx%d\n", client->width, client->height); + break; +@@ -2276,7 +2278,9 @@ HandleRFBServerMessage(rfbClient* client + client->updateRect.x = client->updateRect.y = 0; + client->updateRect.w = client->width; + client->updateRect.h = client->height; +- client->MallocFrameBuffer(client); ++ if (!client->MallocFrameBuffer(client)) ++ return FALSE; ++ + SendFramebufferUpdateRequest(client, 0, 0, client->width, client->height, FALSE); + 
rfbClientLog("Got new framebuffer size: %dx%d\n", client->width, client->height); + break; +Index: libvncserver-0.9.9+dfsg/libvncclient/vncviewer.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncclient/vncviewer.c ++++ libvncserver-0.9.9+dfsg/libvncclient/vncviewer.c +@@ -243,7 +243,8 @@ static rfbBool rfbInitConnection(rfbClie + + client->width=client->si.framebufferWidth; + client->height=client->si.framebufferHeight; +- client->MallocFrameBuffer(client); ++ if (!client->MallocFrameBuffer(client)) ++ return FALSE; + + if (!SetFormatAndEncodings(client)) + return FALSE; diff -Nru libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6054.patch libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6054.patch --- libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6054.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6054.patch 2014-11-23 15:54:17.000000000 +0100 
@@ -0,0 +1,39 @@ +Description: Do not accept a scaling factor of zero (CVE-2014-6054) + Do not accept a scaling factor of zero on + PalmVNCSetScaleFactor and SetScale client->server messages. This would cause + a division by zero and crash the server. +Origin: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncserver/rfbserver.c ++++ libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +@@ -2487,6 +2487,13 @@ rfbProcessClientNormalMessage(rfbClientP + rfbCloseClient(cl); + return; + } ++ ++ if (msg.ssc.scale == 0) { ++ rfbLogPerror("rfbProcessClientNormalMessage: will not accept a scale factor of zero"); ++ rfbCloseClient(cl); ++ return; ++ } ++ + rfbStatRecordMessageRcvd(cl, msg.type, sz_rfbSetScaleMsg, sz_rfbSetScaleMsg); + rfbLog("rfbSetScale(%d)\n", msg.ssc.scale); + rfbScalingSetup(cl,cl->screen->width/msg.ssc.scale, cl->screen->height/msg.ssc.scale); +@@ -2503,6 +2510,13 @@ rfbProcessClientNormalMessage(rfbClientP + rfbCloseClient(cl); + return; + } ++ ++ if (msg.ssc.scale == 0) { ++ rfbLogPerror("rfbProcessClientNormalMessage: will not accept a scale factor of zero"); ++ rfbCloseClient(cl); ++ return; ++ } ++ + rfbStatRecordMessageRcvd(cl, msg.type, sz_rfbSetScaleMsg, sz_rfbSetScaleMsg); + rfbLog("rfbSetScale(%d)\n", msg.ssc.scale); + rfbScalingSetup(cl,cl->screen->width/msg.ssc.scale, cl->screen->height/msg.ssc.scale); diff -Nru libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6055.patch libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6055.patch --- libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6055.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/CVE-2014-6055.patch 2014-11-23 16:29:51.000000000 +0100 
@@ -0,0 +1,152 @@ +Descript$ion: Fix multiple stack-based buffer overflows in file transfer feature + Note: The patch has been modified to be a targeting fix without the risk of breaking +ABI -- https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2. +However, as this function is not in header it is unlikely to be used outside of the lib. +Origin: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e +Origin: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677 +Origin: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncserver/rfbserver.c ++++ libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +@@ -1237,21 +1237,35 @@ typedef struct { + #define RFB_FILE_ATTRIBUTE_TEMPORARY 0x100 + #define RFB_FILE_ATTRIBUTE_COMPRESSED 0x800 + +-rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, char *path, char *unixPath) ++rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, /* in */ char *path, /* out */ char *unixPath ) + { + int x; + char *home=NULL; +- ++ size_t unixPathMaxLen = MAX_PATH; + FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, FALSE); + ++ /* ++ * Do not use strncpy() - truncating the file name would probably have undesirable side effects ++ * Instead check if destination buffer is big enough ++ */ ++ ++ if (strlen(path) >= unixPathMaxLen) ++ return FALSE; ++ + /* C: */ + if (path[0]=='C' && path[1]==':') ++ { + strcpy(unixPath, &path[2]); ++ } + else + { + home = getenv("HOME"); + if (home!=NULL) + { ++ /* Re-check buffer size */ ++ if ((strlen(path) + strlen(home) + 1) >= unixPathMaxLen) ++ return FALSE; ++ + strcpy(unixPath, home); + strcat(unixPath,"/"); + strcat(unixPath, path); +@@ -1289,7 +1303,8 @@ rfbBool 
rfbSendDirContent(rfbClientPtr c + FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, FALSE); + + /* Client thinks we are Winblows */ +- rfbFilenameTranslate2UNIX(cl, buffer, path); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, path)) ++ return FALSE; + + if (DB) rfbLog("rfbProcessFileTransfer() rfbDirContentRequest: rfbRDirContent: \"%s\"->\"%s\"\n",buffer, path); + +@@ -1566,7 +1581,9 @@ rfbBool rfbProcessFileTransfer(rfbClient + /* add some space to the end of the buffer as we will be adding a timespec to it */ + if ((buffer = rfbProcessFileTransferReadBuffer(cl, length))==NULL) return FALSE; + /* The client requests a File */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1)) ++ goto fail; ++ + cl->fileTransfer.fd=open(filename1, O_RDONLY, 0744); + + /* +@@ -1660,16 +1677,17 @@ rfbBool rfbProcessFileTransfer(rfbClient + */ + if ((buffer = rfbProcessFileTransferReadBuffer(cl, length))==NULL) return FALSE; + +- /* Parse the FileTime */ ++ /* Parse the FileTime ++ * TODO: FileTime is actually never used afterwards ++ */ + p = strrchr(buffer, ','); + if (p!=NULL) { + *p = '\0'; +- strcpy(szFileTime, p+1); ++ strncpy(szFileTime, p+1, sizeof(szFileTime)); ++ szFileTime[sizeof(szFileTime)-1] = '\x00'; /* ensure NULL terminating byte is present, even if copy overflowed */ + } else + szFileTime[0]=0; + +- +- + /* Need to read in sizeHtmp */ + if ((n = rfbReadExact(cl, (char *)&sizeHtmp, 4)) <= 0) { + if (n != 0) +@@ -1681,7 +1699,8 @@ rfbBool rfbProcessFileTransfer(rfbClient + } + sizeHtmp = Swap32IfLE(sizeHtmp); + +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1)) ++ goto fail; + + /* If the file exists... 
We can send a rfbFileChecksums back to the client before we send an rfbFileAcceptHeader */ + /* TODO: Delta Transfer */ +@@ -1810,7 +1829,9 @@ rfbBool rfbProcessFileTransfer(rfbClient + if ((buffer = rfbProcessFileTransferReadBuffer(cl, length))==NULL) return FALSE; + switch (contentParam) { + case rfbCDirCreate: /* Client requests the creation of a directory */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1)) ++ goto fail; ++ + retval = mkdir(filename1, 0755); + if (DB) rfbLog("rfbProcessFileTransfer() rfbCommand: rfbCDirCreate(\"%s\"->\"%s\") %s\n", buffer, filename1, (retval==-1?"Failed":"Success")); + /* +@@ -1819,7 +1840,9 @@ rfbBool rfbProcessFileTransfer(rfbClient + if (buffer!=NULL) free(buffer); + return retval; + case rfbCFileDelete: /* Client requests the deletion of a file */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1)) ++ goto fail; ++ + if (stat(filename1,&statbuf)==0) + { + if (S_ISDIR(statbuf.st_mode)) +@@ -1837,8 +1860,12 @@ rfbBool rfbProcessFileTransfer(rfbClient + { + /* Split into 2 filenames ('*' is a seperator) */ + *p = '\0'; +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); +- rfbFilenameTranslate2UNIX(cl, p+1, filename2); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1)) ++ goto fail; ++ ++ if (!rfbFilenameTranslate2UNIX(cl, p+1, filename2)) ++ goto fail; ++ + retval = rename(filename1,filename2); + if (DB) rfbLog("rfbProcessFileTransfer() rfbCommand: rfbCFileRename(\"%s\"->\"%s\" -->> \"%s\"->\"%s\") %s\n", buffer, filename1, p+1, filename2, (retval==-1?"Failed":"Success")); + /* +@@ -1858,6 +1885,10 @@ rfbBool rfbProcessFileTransfer(rfbClient + /* NOTE: don't forget to free(buffer) if you return early! 
*/ + if (buffer!=NULL) free(buffer); + return TRUE; ++ ++fail: ++ if (buffer!=NULL) free(buffer); ++ return FALSE; + } + + /* diff -Nru libvncserver-0.9.9+dfsg/debian/patches/CVE-2015-6053.patch libvncserver-0.9.9+dfsg/debian/patches/CVE-2015-6053.patch --- libvncserver-0.9.9+dfsg/debian/patches/CVE-2015-6053.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/CVE-2015-6053.patch 2014-11-23 15:45:29.000000000 +0100 @@ -0,0 +1,24 @@ +Description: Check malloc() return value (CVE-2014-6053) + Check malloc() return value on client->server ClientCutText + message. Client can send up to 2**32-1 bytes of text, and such a large + allocation is likely to fail in case of high memory pressure. This would in a + server crash (write at address 0). +Origin: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncserver/rfbserver.c ++++ libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +@@ -2457,6 +2457,11 @@ rfbProcessClientNormalMessage(rfbClientP + msg.cct.length = Swap32IfLE(msg.cct.length); + + str = (char *)malloc(msg.cct.length); ++ if (str == NULL) { ++ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); ++ rfbCloseClient(cl); ++ return; ++ } + + if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) { + if (n != 0) diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series --- libvncserver-0.9.9+dfsg/debian/patches/series 2014-08-11 00:21:58.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/patches/series 2014-11-23 16:03:36.000000000 +0100 @@ -5,3 +5,8 @@ listenSock.patch ppc64el.patch pkgconfig.patch +CVE-2014-6051.patch +CVE-2014-6052.patch +CVE-2015-6053.patch +CVE-2014-6054.patch +CVE-2014-6055.patch
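Review bot: In MallocFrameBuffer() (CVE-2014-6051.patch, libvncclient/vncviewer.c) the old buffer is freed before the size is validated, so the new early `return FALSE` on `allocSize >= SIZE_MAX` leaves client->frameBuffer pointing at freed memory. Set client->frameBuffer to NULL immediately after the free(), or compute and check allocSize before freeing, so that a rejected resize cannot leave a dangling pointer for later writes. The hunk also introduces uint64_t and SIZE_MAX without adding an include; confirm that vncviewer.c already pulls in <stdint.h> on every supported platform.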
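Review bot: The patch that checks the malloc() result for ClientCutText is added as debian/patches/CVE-2015-6053.patch, and debian/patches/series lists it under that name, while its Description and the changelog entry both say CVE-2014-6053; rename the file and the series entry so the identifier matches. In the hunk itself, `malloc(msg.cct.length)` is still called with the unbounded client-supplied length, which the Description puts at up to 2**32-1 bytes; the NULL check stops the write at address 0, but a sanity cap on msg.cct.length before allocating would avoid the large allocation attempt altogether. The Description sentence "This would in a server crash" is missing its verb.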
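Review bot: Both new `msg.ssc.scale == 0` branches in rfbProcessClientNormalMessage() (CVE-2014-6054.patch) report the rejection through rfbLogPerror(), a perror-style helper that appends the text for the current errno; no system call has failed at that point, so the log line will end with an unrelated error string. Log the rejection with rfbLog() or rfbErr() instead. The check itself sits correctly ahead of the two divisions by msg.ssc.scale in the rfbScalingSetup() call.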
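Review bot: In rfbFilenameTranslate2UNIX() (CVE-2014-6055.patch) the bound is a local constant, `size_t unixPathMaxLen = MAX_PATH;`, while the destination buffers (path, filename1, filename2) are declared in the callers and their sizes are not visible in these hunks, so the length checks are only sound if every one of those buffers is at least MAX_PATH bytes. State that contract in a comment on the function, or verify each call site, since the extra size parameter was deliberately left out to keep the ABI. The rfbSendDirContent() hunk returns FALSE directly, whereas the rfbProcessFileTransfer() hunks go through the new fail: label that frees buffer; confirm the direct return does not leak buffer there. The first line of the patch header reads "Descript$ion:", which is not a valid DEP-3 field name.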
Added tag(s) patch. Request was from Tobias Frost <tobi@debian.org> to 762745-submit@bugs.debian.org. (Sun, 23 Nov 2014 15:39:08 GMT)
Added tag(s) pending. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Sun, 23 Nov 2014 15:57:08 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Sun, 23 Nov 2014 16:00:08 GMT)
Acknowledgement sent to Tobias Frost <tobi@debian.org>: Extra info received and forwarded to list. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Sun, 23 Nov 2014 16:00:08 GMT)
Message #26 received at 762745@bugs.debian.org:
After testing and looks that it is working, I will upload it to DELAYED/5. Please let me know if I should cancel it or delay it further. Thanks! -- tobi
Information forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Sun, 23 Nov 2014 20:45:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Sun, 23 Nov 2014 20:45:04 GMT)
Message #31 received at 762745@bugs.debian.org:
Hi Tobi,

On Sun, Nov 23, 2014 at 04:57:28PM +0100, Tobias Frost wrote:
> After testing and looks that it is working, I will upload it to
> DELAYED/5.
> Please let me know if I should cancel it or delay it further.

Please note that there is ongoing work by the maintainer asking for a pre-approval on the release team, see #770501. There is a problem as it seems there is an API/ABI break.

So please double check with Luca (cc'ed him).

Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Luca Falavigna <dktrkranz@debian.org>: Bug#762745; Package libvncserver. (Mon, 24 Nov 2014 00:09:05 GMT)
Acknowledgement sent to Tobias Frost <tobi@debian.org>: Extra info received and forwarded to list. Copy sent to Luca Falavigna <dktrkranz@debian.org>. (Mon, 24 Nov 2014 00:09:05 GMT)
Message #36 received at 762745@bugs.debian.org:
Hi Salvatore,

On Sunday, 23.11.2014, at 21:44 +0100, Salvatore Bonaccorso wrote:
> Hi Tobi,
>
> On Sun, Nov 23, 2014 at 04:57:28PM +0100, Tobias Frost wrote:
> > After testing and looks that it is working, I will upload it to
> > DELAYED/5.
> > Please let me know if I should cancel it or delay it further.
>
> Please note that there is ongoing work by the maintainer asking for a
> pre-approval on the release team, see #770501. There is a problem as it
> seems there is an API/ABI break.
>
> So please double check with Luca (cc'ed him).
>
> Regards,
> Salvatore

thanks for the feedback.

Regarding the ABI -- my patch considers that: The ABI is strictly the same, even if no application should use that ABI (it's exported, but not declared by the header): The patch does not add the additional parameter, but enforces the limit PATH_MAX -- this is consistent with the usage of this function from (within) the library. IMHO applications using this function would be buggy as it uses a non-properly-prototyped-exported function; also codesearch.d.n indicates that there is no such call in the archives [1]

Regarding #770501, thanks for the hint (sigh, why do people not indicate that in the bugs they want to fix? :-/ e.g. blocked-by or pending tags or just submitting the patch to the BTS?)

(IMHO issue #766257, is not covered by the freeze policy)

-- tobi

[1] http://codesearch.debian.net/search?q=rfbFilenameTranslate2UNIX
Reply sent to Tobias Frost <tobi@debian.org>: You have taken responsibility. (Fri, 28 Nov 2014 16:39:05 GMT)
Notification sent to Luciano Bello <luciano@debian.org>: Bug acknowledged by developer. (Fri, 28 Nov 2014 16:39:05 GMT)
Message #41 received at 762745-close@bugs.debian.org:
Source: libvncserver
Source-Version: 0.9.9+dfsg-6.1

We believe that the bug you reported is fixed in the latest version of libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762745@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <tobi@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Nov 2014 16:19:53 +0100
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-6.1
Distribution: unstable
Urgency: medium
Maintainer: Luca Falavigna <dktrkranz@debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Description:
 libvncclient0 - API to write one's own vnc server - client library
 libvncclient0-dbg - debugging symbols for libvncclient
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc - VNC server to allow remote access to a tty
Closes: 762745
Changes:
 libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055: Multiple issues in libVNCserver -- cherry picking targeted fixed from upstream (Closes: #762745)
Reply sent to Tobias Frost <tobi@debian.org>: You have taken responsibility. (Mon, 08 Dec 2014 15:33:05 GMT)
Notification sent to Luciano Bello <luciano@debian.org>: Bug acknowledged by developer. (Mon, 08 Dec 2014 15:33:05 GMT)
Message #46 received at 762745-close@bugs.debian.org:
Source: libvncserver
Source-Version: 0.9.9+dfsg-1+deb7u1

We believe that the bug you reported is fixed in the latest version of libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762745@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <tobi@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Nov 2014 21:34:11 +0000
Source: libvncserver
Binary: libvncserver0 libvncserver-dev libvncserver-config libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Luca Falavigna <dktrkranz@debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Description:
 libvncserver-config - API to write one's own vnc server - library utility
 libvncserver-dev - API to write one's own vnc server - development files
 libvncserver0 - API to write one's own vnc server
 libvncserver0-dbg - debugging symbols for libvncserver
 linuxvnc - VNC server to allow remote access to a tty
Closes: 762745
Changes:
 libvncserver (0.9.9+dfsg-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload for the Security Team.
   * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055: Multiple issues in libVNCserver -- cherry picking targeted fixed from upstream.
     (Closes: #762745)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Jan 2015 07:29:43 GMT)