
Bug 937140

Summary: <gui-libs/neatvnc-0.8.1: client-side authentication bypass
Product: Gentoo Security Reporter: Christopher Fore <csfore>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: maintainer-needed, shimarin
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2024/08/02/1
See Also: https://github.com/gentoo/gentoo/pull/39005
Whiteboard: B1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 941717    
Bug Blocks:    

Description Christopher Fore 2024-08-02 15:09:33 UTC
No CVE or description from upstream (yet), but on the oss-security mailing list, one of the reporters said it is similar to CVE-2006-2369:
https://nvd.nist.gov/vuln/detail/CVE-2006-2369

https://www.openwall.com/lists/oss-security/2024/08/02/8


Please update to 0.8.1.
Comment 1 Larry the Git Cow gentoo-dev 2024-10-17 16:13:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6789d55b3e527e10adb0572681dd2ba80973873a

commit 6789d55b3e527e10adb0572681dd2ba80973873a
Author:     Christopher Fore <csfore@posteo.net>
AuthorDate: 2024-10-15 19:49:04 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2024-10-17 16:13:43 +0000

    gui-libs/neatvnc: add 0.8.1, security bump
    
    - Tests pass
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: Christopher Fore <csfore@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/39005
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 gui-libs/neatvnc/Manifest             |  1 +
 gui-libs/neatvnc/neatvnc-0.8.1.ebuild | 86 +++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-10-27 07:23:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a0e71a40d11953fa32e72c0064c6af08ec7bf98

commit 6a0e71a40d11953fa32e72c0064c6af08ec7bf98
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-10-27 07:23:11 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-10-27 07:23:25 +0000

    gui-libs/neatvnc: drop 0.8.0
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 gui-libs/neatvnc/Manifest             |  1 -
 gui-libs/neatvnc/neatvnc-0.8.0.ebuild | 86 -----------------------------------
 2 files changed, 87 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-11-06 10:05:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0ee88a8a4a3b4d50f378796badcbe43c33747807

commit 0ee88a8a4a3b4d50f378796badcbe43c33747807
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-06 10:04:44 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-06 10:04:59 +0000

    [ GLSA 202411-01 ] Neat VNC: Authentication Bypass
    
    Bug: https://bugs.gentoo.org/937140
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-01.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)