937140 – <gui-libs/neatvnc-0.8.1: client-side authentication bypass

Bug 937140 - <gui-libs/neatvnc-0.8.1: client-side authentication bypass

Summary: <gui-libs/neatvnc-0.8.1: client-side authentication bypass

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	B1 [glsa+]
Keywords:	PullRequest

Depends on:	941717
Blocks:
	Show dependency tree

Reported:	2024-08-02 15:09 UTC by Christopher Fore
Modified:	2024-11-06 10:06 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/39005
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Fore 2024-08-02 15:09:33 UTC

No CVE or description from upstream (yet), but on the oss-security mailing list, one of the reporters said it is similar to CVE-2006-2369:
https://nvd.nist.gov/vuln/detail/CVE-2006-2369

https://www.openwall.com/lists/oss-security/2024/08/02/8


Please update to 0.8.1.

Comment 1 Larry the Git Cow gentoo-dev

2024-10-17 16:13:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6789d55b3e527e10adb0572681dd2ba80973873a

commit 6789d55b3e527e10adb0572681dd2ba80973873a
Author:     Christopher Fore <csfore@posteo.net>
AuthorDate: 2024-10-15 19:49:04 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2024-10-17 16:13:43 +0000

    gui-libs/neatvnc: add 0.8.1, security bump
    
    - Tests pass
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: Christopher Fore <csfore@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/39005
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 gui-libs/neatvnc/Manifest             |  1 +
 gui-libs/neatvnc/neatvnc-0.8.1.ebuild | 86 +++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-10-27 07:23:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a0e71a40d11953fa32e72c0064c6af08ec7bf98

commit 6a0e71a40d11953fa32e72c0064c6af08ec7bf98
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-10-27 07:23:11 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-10-27 07:23:25 +0000

    gui-libs/neatvnc: drop 0.8.0
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 gui-libs/neatvnc/Manifest             |  1 -
 gui-libs/neatvnc/neatvnc-0.8.0.ebuild | 86 -----------------------------------
 2 files changed, 87 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2024-11-06 10:05:01 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0ee88a8a4a3b4d50f378796badcbe43c33747807

commit 0ee88a8a4a3b4d50f378796badcbe43c33747807
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-06 10:04:44 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-06 10:04:59 +0000

    [ GLSA 202411-01 ] Neat VNC: Authentication Bypass
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-01.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)