First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 25982
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matt Tesauro <mtesauro@bizlab.tamu.edu>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
digest-tightvnc-1.2.9 digest file for emerge text/plain Matt Tesauro 2003-08-05 14:22 0000 76 bytes Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 25982 depends on: Show dependency tree
Bug 25982 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2003-08-05 13:49 0000 
As posted here http://www.secunia.com/advisories/9441/ and here
http://www.tightvnc.com/whatsnew.html , for the Unix version of TightVNC "a
buffer overflow has been fixed in vncpasswd" and "A patch to fix input focus
problems in the X11 viewer has been applied".  Other minor patches also added to
version 1.2.9    For Sparc: "Xvnc crashes on Sparc".

------- Comment #1 From Matt Tesauro 2003-08-05 14:21:30 0000 ------- 
Just created a TightVNC-1.2.9 ebuild.  Here's the steps I took:

cd /usr/portage/net-misc/tightvnc
cp tightvnc-1.2.8.ebuild tightvnc-1.2.9.ebuild
[manual step] made digest-tighvnc-1.2.9  [I'll upload this]
cp tightvnc-1.2.8-gentoo.diff tightvnc-1.2.9-gentoo.diff
cp tightvnc-1.2.8-gentoo.security.patch tightvnc-1.2.9-gentoo.security.patch

emerge /usr/portage/net-misc/tightvnc-1.2.9.ebuild
....
>>> Regenerating /etc/ld.so.cache...
>>> net-misc/tightvnc-1.2.9 merged.

 net-misc/tightvnc
    selected: none
   protected: 1.2.9
     omitted: none

>>> clean: No packages selected for removal.

>>> Regenerating /etc/ld.so.cache...
>>> Auto-cleaning packages ...

>>> No outdated packages were found on your system.

The build worked fine when I tested it against a NT box running TightVNC 1.2.9 server:

mtesauro files $ /usr/bin/vncviewer
VNC server supports protocol version 3.3 (viewer 3.3)
VNC authentication succeeded
Desktop name "business"
Connected to VNC server, using protocol version 3.3
VNC server default format:
  16 bits per pixel.
  Least significant byte first in each pixel.
  True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0
Using default colormap which is TrueColor.  Pixel format:
  32 bits per pixel.
  Least significant byte first in each pixel.
  True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using shared memory PutImage
ShmCleanup called
mtesauro files $

------- Comment #2 From Matt Tesauro 2003-08-05 14:22:55 0000 ------- 
Created an attachment (id=15566) [details]
digest file for emerge

manually created digest file in same format as digest-tightvnc-1.2.8

------- Comment #3 From Jason Wever (RETIRED) 2003-11-24 17:27:33 0000 ------- 
Security Team;

I'm guessing since that we already have tightvnc-1.2.9 in portage, that this is fixed.  Any problems with closing it?

------- Comment #4 From solar 2003-11-25 00:42:01 0000 ------- 
tightvnc is in portage already as weeve pointed out. 
changing resolution to FIXED. Skipping GLSA
First Last Prev Next    No search results available      Search page      Enter new bug