CVE-2020-29260: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d33d79334f52b44ddc670fa9461105d2cfc64ea9

commit d33d79334f52b44ddc670fa9461105d2cfc64ea9
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2022-09-22 00:02:29 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-09-24 10:00:51 +0000

    net-libs/libvncserver: fix CVE-2020-29260

    Also update EAPI 7 -> 8

    Bug: https://bugs.gentoo.org/868135
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/27388
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../files/libvncserver-0.9.13-CVE-2020-29260.patch | 27 ++++++++
 .../libvncserver/libvncserver-0.9.13-r1.ebuild     | 76 ++++++++++++++++++++++
 2 files changed, 103 insertions(+)
Thanks!
No need to GLSA, client side memory leak so it's unlikely to be a serious problem except in very special cases.
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42d5e9d6c8415ba4f6a09aac08b49a9af6958e55

commit 42d5e9d6c8415ba4f6a09aac08b49a9af6958e55
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2022-09-30 15:06:46 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-30 15:18:27 +0000

    net-libs/libvncserver: security cleanup

    Bug: https://bugs.gentoo.org/868135
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/27540
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-libs/libvncserver/libvncserver-0.9.13.ebuild | 75 ------------------------
 1 file changed, 75 deletions(-)