Summary: | <net-misc/tigervnc-1.0.0-r4 bundles an internal copy of jpeg and zlib | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Vulnerabilities | Assignee: | Raúl Porcel (RETIRED) <armin76> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | esigra, n-roeser, qa, security |
Priority: | High | Keywords: | STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [stable] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 251464 |
Description
Diego Elio Pettenò (RETIRED)
2009-06-07 20:30:29 UTC
This is caused by poorly written ebuild, the build-system supports using the system copies --with-included-zlib use libz which is distributed with VNC --with-system-jpeg use libjpeg which is distributed with the O/S --without-included-zlib and --with-system-jpeg to econf The jpeg is at least vulnerable to GLSA-200606-11 Please fix the ebuild or lastrite the package Arches, please stabilize =net-misc/tigervnc-1.0.0-r3, only change is use system's zlib+jpeg. Thanks Samuli for the fix gah, nvm ... The fix goes to ./configure in common/ directory Please stabilize =net-misc/tigervnc-1.0.0-r4 x86 stable sparc stable alpha/arm/ia64/sh stable ppc64 done Marked ppc stable. Stable for HPPA. amd64 stable, all arches done. |