CVE-2017-7396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7396): In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.

CVE-2017-7395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7395): In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

CVE-2017-7394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7394): In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

CVE-2017-7393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7393): In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CVE-2017-7392 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7392): In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

@Maintainer could you please confirm if we are affected by these vulnerabilities? Should we call for 1.8.0 stabilization? Thank you.
I confirmed that these vulnerabilities affect all architectures. Yes, at least hppa should stabilize. Also remove 1.7.1.
Added to existing glsa request.
*** This bug has been marked as a duplicate of bug 614742 ***