Summary: | net-misc/vino: two vulnerabilities (CVE-2011-{1164,1165}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [ebuild+] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-03-17 14:16:11 UTC
CVE-2011-1165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1165): Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks. CVE-2011-1164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1164): Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. I guess we don't have a fix for the 2.x branch? (In reply to Chris Reffett from comment #2) > I guess we don't have a fix for the 2.x branch? No, but we have 3.x versions already in stable vino-3.8.1-r1 fixes this, bug #478252 This is fixed long time ago, then, maybe this could be closed (or, at least, Whiteboard be updated per security team policy as the vulnerable ebuilds are neither present) All vulnerable versions removed from tree. GLSA Vote: No |