Summary: | <net-libs/libvncserver-0.9.13-r1: memory leakage via rfbClientCleanup() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | alexander, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec | ||
See Also: |
https://github.com/gentoo/gentoo/pull/27388 https://github.com/gentoo/gentoo/pull/27540 |
||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 872647 | ||
Bug Blocks: |
Description
John Helmert III
2022-09-03 01:42:35 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d33d79334f52b44ddc670fa9461105d2cfc64ea9 commit d33d79334f52b44ddc670fa9461105d2cfc64ea9 Author: Alexander Tsoy <alexander@tsoy.me> AuthorDate: 2022-09-22 00:02:29 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-09-24 10:00:51 +0000 net-libs/libvncserver: fix CVE-2020-29260 Also update EAPI 7 -> 8 Bug: https://bugs.gentoo.org/868135 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/27388 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../files/libvncserver-0.9.13-CVE-2020-29260.patch | 27 ++++++++ .../libvncserver/libvncserver-0.9.13-r1.ebuild | 76 ++++++++++++++++++++++ 2 files changed, 103 insertions(+) Thanks! No need to GLSA, client side memory leak so it's unlikely to be a serious problem except in very special cases. Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42d5e9d6c8415ba4f6a09aac08b49a9af6958e55 commit 42d5e9d6c8415ba4f6a09aac08b49a9af6958e55 Author: Alexander Tsoy <alexander@tsoy.me> AuthorDate: 2022-09-30 15:06:46 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-30 15:18:27 +0000 net-libs/libvncserver: security cleanup Bug: https://bugs.gentoo.org/868135 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/27540 Signed-off-by: John Helmert III <ajak@gentoo.org> net-libs/libvncserver/libvncserver-0.9.13.ebuild | 75 ------------------------ 1 file changed, 75 deletions(-) Thanks! |