There are two DoS vulnerabilities in vino crashed by invalid framebuffer requests. The upstream bugs appear to be:
https://bugzilla.gnome.org/show_bug.cgi?id=641802 (CVE-2011-0904)
https://bugzilla.gnome.org/show_bug.cgi?id=641803 (CVE-2011-0905, private)
IIRC that's what the 2.32.2 release was for and it already is in tree. Unless there's something more we are good to go.
(In reply to comment #1)
> IIRC that's what the 2.32.2 release was for and it already is in tree. Unless
> there's something more we are good to go.
Ok, I am a little confused. https://bugzilla.gnome.org/show_bug.cgi?id=641802#c10 says this is fixed in a 2.32.3 version, but comparing the fix at http://bugzilla-attachments.gnome.org/attachment.cgi?id=186688 to the source from our 2.32.2 we look to include the fixed code.
Alright, can we stabilize =net-misc/vino-2.32.2?
(In reply to comment #2)
> (In reply to comment #1)
> > IIRC that's what the 2.32.2 release was for and it already is in tree. Unless
> > there's something more we are good to go.
>
> Ok, I am a little confused.
> https://bugzilla.gnome.org/show_bug.cgi?id=641802#c10 says this is fixed in a
> 2.32.3 version, but comparing the fix at
> http://bugzilla-attachments.gnome.org/attachment.cgi?id=186688 to the source
> from our 2.32.2 we look to include the fixed code.
>
> Alright, can we stabilize =net-misc/vino-2.32.2?
Latest is 2.32.2[1]. That should be stabilized.
1. http://ftp.acc.umu.se/pub/GNOME/sources/vino/2.32/
(In reply to comment #3)
>
> Latest is 2.32.2[1]. That should be stabilized.
>
Cool, thanks.
Arches, please test and mark stable:
=net-misc/vino-2.32.2
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"
amd64 ok
amd64 stable
ppc/ppc64 stable
x86 stable
alpha/arm/ia64/sparc stable
Thanks, everyone. GLSA request filed.
This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).