| Summary: | <net-misc/tigervnc-1.7.1: Buffer overflow in ModifiablePixelBuffer::fillRect | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | maintainer-needed |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1415712 | ||
| Whiteboard: | B2 [glsa cve] | ||
| Package list: |
=net-misc/tigervnc-1.7.1
|
Runtime testing required: | Yes |
| Bug Depends on: | 606460 | ||
| Bug Blocks: | |||
fixed in upstream-1.7.1 *** Bug 607316 has been marked as a duplicate of this bug. *** v1.7.1 is now in repository. @ Arches, please test and mark stable: =net-misc/tigervnc-1.7.1 Stable on alpha. amd64 stable Stable for HPPA PPC64. x86 stable ppc stable arm stable New GLSA request filed. sparc stable ia64 stable. Maintainer(s), please cleanup. This issue was resolved and addressed in GLSA 201702-19 at https://security.gentoo.org/glsa/201702-19 by GLSA coordinator Thomas Deutschmann (whissi). |
From ${URL} : A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in vncviewer was found allowing malicious VNC server to send crafted RRE message and possibly take control of the TigerVNC viewer. Upstream patch: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba PR: https://github.com/TigerVNC/tigervnc/pull/399 Reference: http://seclists.org/oss-sec/2017/q1/166 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.