As posted here http://www.secunia.com/advisories/9441/ and here http://www.tightvnc.com/whatsnew.html , for the Unix version of TightVNC "a buffer overflow has been fixed in vncpasswd" and "A patch to fix input focus problems in the X11 viewer has been applied". Other minor patches also added to version 1.2.9 For Sparc: "Xvnc crashes on Sparc".
Just created a TightVNC-1.2.9 ebuild. Here's the steps I took: cd /usr/portage/net-misc/tightvnc cp tightvnc-1.2.8.ebuild tightvnc-1.2.9.ebuild [manual step] made digest-tighvnc-1.2.9 [I'll upload this] cp tightvnc-1.2.8-gentoo.diff tightvnc-1.2.9-gentoo.diff cp tightvnc-1.2.8-gentoo.security.patch tightvnc-1.2.9-gentoo.security.patch emerge /usr/portage/net-misc/tightvnc-1.2.9.ebuild .... >>> Regenerating /etc/ld.so.cache... >>> net-misc/tightvnc-1.2.9 merged. net-misc/tightvnc selected: none protected: 1.2.9 omitted: none >>> clean: No packages selected for removal. >>> Regenerating /etc/ld.so.cache... >>> Auto-cleaning packages ... >>> No outdated packages were found on your system. The build worked fine when I tested it against a NT box running TightVNC 1.2.9 server: mtesauro files $ /usr/bin/vncviewer VNC server supports protocol version 3.3 (viewer 3.3) VNC authentication succeeded Desktop name "business" Connected to VNC server, using protocol version 3.3 VNC server default format: 16 bits per pixel. Least significant byte first in each pixel. True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0 Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Using shared memory PutImage ShmCleanup called mtesauro files $
Created attachment 15566 [details] digest file for emerge manually created digest file in same format as digest-tightvnc-1.2.8
Security Team; I'm guessing since that we already have tightvnc-1.2.9 in portage, that this is fixed. Any problems with closing it?
tightvnc is in portage already as weeve pointed out. changing resolution to FIXED. Skipping GLSA