Bug 608700 (CVE-2017-5884, CVE-2017-5885)

Summary:	<net-libs/gtk-vnc-0.7.1: two input validation flaws
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	gnome, slawomir.nizio, virtualization
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5884
Whiteboard:	B3 [noglsa cve]
Package list:	=net-libs/gtk-vnc-0.7.1	Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2017-02-09 09:08:56 UTC

BUG:
https://bugzilla.gnome.org/show_bug.cgi?id=778048

COMMIT:
https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a



BUG:
https://bugzilla.gnome.org/show_bug.cgi?id=778050

COMMIT:
https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e

Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev

2017-09-12 06:52:58 UTC

The fix is available in gtk-vnc 0.7.1. We'll wait until friday evening CEST to see if there's any user reported breakage but I'm pretty confident this can be stabilized.

Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev

2017-09-13 22:06:43 UTC

Hello arches, please proceed with the stabilization of gtk-vnc-0.7.1.

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-09-14 03:20:24 UTC

amd64 tested, ok

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-03 00:44:22 UTC

x86 stable

Comment 5 Manuel Rüger (RETIRED) gentoo-dev

2017-10-20 14:42:06 UTC

Stable on amd64

Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-27 00:26:39 UTC

@Maintainers proceed to cleanup please. 

Thank you.

Comment 7 Pacho Ramos gentoo-dev

2017-10-28 08:42:46 UTC

cleaned

Comment 8 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-28 15:48:13 UTC

Awesome. Thank you

GLSA Vote: No