Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 142558 - net-misc/vino includes vulnerable libvncserver? (CVE-2006-2450)
Summary: net-misc/vino includes vulnerable libvncserver? (CVE-2006-2450)
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-02 08:54 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-08-23 08:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-02 08:54:24 UTC 
See bug #136916 for further details.
Comment 1 foser (RETIRED) gentoo-dev 2006-08-03 07:49:23 UTC 
vino's auth.c is completely different from the one pointed to in #136916  .

It may be a much older version. The patch doesn't apply at all.
Comment 2 Wolf Giesen (RETIRED) gentoo-dev 2006-08-04 00:08:30 UTC 
Would you prefer audit take a look at it or can you figure out whether the vulnerability is already in there?
Comment 3 John N. Laliberte (RETIRED) gentoo-dev 2006-08-07 06:24:47 UTC 
if audit team could take a look that would be great.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:15:09 UTC 
Setting to Auditing for a confirmation.
Comment 5 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-08 06:17:27 UTC 
i've browsed the code and i think it doesn't use the affected code.
Comment 6 Luis Medinas (RETIRED) gentoo-dev 2007-08-23 00:07:54 UTC 
security perhaps we can close this bug ?
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-23 08:48:38 UTC 
I've looked the code and I agree with Falco, the version included doesn't seem vulnerable, so closing as INVALID. Feel free to reopen if you disagree.