RealVNC released a new version of VNC. This new version is 4.1.2. It fixes a security vulnerability that would allow an attacker to log in without a password. I was unable to find a source tarball. They provide only binaries at this point. http://realvnc.com/ I did not see any more detailed information on specifics of the bug.
Opening bug to public, since the information comes from the package's homepage anyways. Aliz, please have a look and provide new ebuilds, thank you.
Sorry for bugspam, forgot to edit some bug details.
Please note this security vulnerability only affects realvnc 4.1.x, and at the moment I believe the version in portage is 4.0.x. If further specifics concerning the bug are required, please let me know... As such, it isn't as critical to get a security fix out for it; however, since we're at least a couple versions behind, it would still be nice...
Where do you have that information from? The realvnc homepage is not very verbose about this issue?
Further information can be found at http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html. These are the people who initially reported the flaw.
We are not affected; thanks to ikelos for the heads-up.
*** Bug 134819 has been marked as a duplicate of this bug. ***