Summary: | <net-libs/libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-{14396,14397,14398,14399,14400,14401,14402,14403,14404,14405}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | alexander, proxy-maint, slyfox |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.13 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/16245 https://github.com/gentoo/gentoo/pull/16483 |
||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-libs/libvncserver-0.9.13
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-06-17 22:27:21 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0220c0523306b9f439f4a2a2dd27d81b1a55ebcb commit 0220c0523306b9f439f4a2a2dd27d81b1a55ebcb Author: Alexander Tsoy <alexander@tsoy.me> AuthorDate: 2020-06-14 22:19:48 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-20 20:30:49 +0000 net-libs/libvncserver: Version bump to 0.9.13 Closes: https://bugs.gentoo.org/715964 Closes: https://bugs.gentoo.org/715968 Bug: https://bugs.gentoo.org/728594 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/16245 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-libs/libvncserver/Manifest | 1 + net-libs/libvncserver/libvncserver-0.9.13.ebuild | 71 ++++++++++++++++++++++++ net-libs/libvncserver/metadata.xml | 3 +- 3 files changed, 74 insertions(+), 1 deletion(-) @maintainer, please let us know if there's a reason to not stable this, or we'll proceed Feel free to CC arches. hppa/sparc stable Looking good on ppc64. # cat libvncserver-728594.report USE tests started on Di 23. Jun 20:52:48 CEST 2020 FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl lzo -png -sasl ssl -systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo -png -sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo png -sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer -gcrypt gnutls -ipv6 jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer -gcrypt gnutls -ipv6 -jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp filetransfer -gcrypt gnutls -ipv6 jpeg -libressl -lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp filetransfer gcrypt -gnutls ipv6 jpeg -libressl lzo -png sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer gcrypt gnutls ipv6 jpeg -libressl lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer gcrypt gnutls ipv6 jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 jpeg -libressl lzo png sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 revdep tests started on Di 23. Jun 21:03:38 CEST 2020 FEATURES=' test' USE='' succeeded for x11-misc/x11vnc FEATURES=' test' USE='vnc' succeeded for media-video/vlc FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph Looking good on ppc. # cat libvncserver-728594.report USE tests started on Di 23. Jun 23:13:23 CEST 2020 FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt gnutls ipv6 -jpeg -libressl -lzo -png -sasl -ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer gcrypt gnutls -ipv6 jpeg -libressl lzo png -sasl ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt gnutls ipv6 jpeg -libressl -lzo -png -sasl ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer -gcrypt -gnutls ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer gcrypt gnutls -ipv6 jpeg -libressl -lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='-24bpp filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 USE='24bpp -filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13 revdep tests started on Di 23. Jun 23:30:17 CEST 2020 FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph FEATURES=' test' USE='' succeeded for x11-misc/x11vnc FEATURES=' test' USE='vnc' succeeded for media-video/vlc arm64 stable ppc64 stable ppc stable amd64 stable arm stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cc06e5fd4889a3fd2d77d6a411efe0f82f37777 commit 3cc06e5fd4889a3fd2d77d6a411efe0f82f37777 Author: Alexander Tsoy <alexander@tsoy.me> AuthorDate: 2020-06-29 07:52:36 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-29 17:29:20 +0000 net-libs/libvncserver: Security cleanup Bug: https://bugs.gentoo.org/728594 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/16483 Signed-off-by: Aaron Bauman <bman@gentoo.org> net-libs/libvncserver/Manifest | 1 - .../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 -------------- .../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 -------- .../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 ----------- .../files/libvncserver-0.9.12-cmake-libdir.patch | 46 ------------- .../libvncserver-0.9.12-fix-shutdown-crash.patch | 63 ------------------ ...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ------------ .../files/libvncserver-0.9.12-libgcrypt.patch | 40 ------------ .../libvncserver-0.9.12-pkgconfig-libdir.patch | 41 ------------ .../libvncserver-0.9.12-sparc-unaligned.patch | 40 ------------ .../libvncserver/libvncserver-0.9.12-r5.ebuild | 75 ---------------------- 11 files changed, 458 deletions(-) |