Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 887067

Summary: <net-libs/libvncserver-0.9.14: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: alexander, proxy-maint
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.14
See Also: https://github.com/gentoo/gentoo/pull/28833
https://github.com/gentoo/gentoo/pull/29641
Whiteboard: B? [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 894652    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-18 22:21:43 UTC 
"## LibVNCServer/LibVNCClient:

  * Fixed several potential multiplication overflows.


  * Fixes of several memory leaks and buffer overflows."

Please bump to 0.9.14.
Comment 1 Larry the Git Cow gentoo-dev 2022-12-27 10:23:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14545c056ef18019e9de4cfb41ec1d8da538a8c8

commit 14545c056ef18019e9de4cfb41ec1d8da538a8c8
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2022-12-27 00:26:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-27 10:22:17 +0000

    net-libs/libvncserver: version bump to 0.9.14
    
    Bug: https://bugs.gentoo.org/887067
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/28833
    Signed-off-by: Sam James <sam@gentoo.org>

 net-libs/libvncserver/Manifest                   |  1 +
 net-libs/libvncserver/libvncserver-0.9.14.ebuild | 71 ++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-02-18 13:06:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29bd18220587faa63d90afb87447327f638257c2

commit 29bd18220587faa63d90afb87447327f638257c2
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2023-02-17 21:35:03 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-02-18 13:06:13 +0000

    net-libs/libvncserver: security cleanup
    
    Bug: https://bugs.gentoo.org/887067
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/29641
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/libvncserver/Manifest                     |  1 -
 .../files/libvncserver-0.9.13-CVE-2020-29260.patch | 27 --------
 .../libvncserver-0.9.13-test-fix-includetest.patch | 54 ---------------
 .../libvncserver-0.9.13-test-fix-tjunittest.patch  | 29 ---------
 .../libvncserver/libvncserver-0.9.13-r1.ebuild     | 76 ----------------------
 5 files changed, 187 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-20 20:45:55 UTC 
Thanks! Any input on the impact from anyone?