Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 673508 (CVE-2018-20019, CVE-2018-20023) - <net-libs/libvncserver-0.9.12: multiple vulnerabilities
Summary: <net-libs/libvncserver-0.9.12: multiple vulnerabilities
Alias: CVE-2018-20019, CVE-2018-20023
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Depends on:
Blocks: CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024
  Show dependency tree
Reported: 2018-12-21 06:52 UTC by D'juan McDonald (domhnall)
Modified: 2019-12-02 22:32 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Sven Wegener gentoo-dev 2019-01-15 21:56:26 UTC
While working on x11vnc, a related projectm I ended up preparing a version bump:

I haven't pushed it yet, just in case Alex is already working on it.
Comment 2 Larry the Git Cow gentoo-dev 2019-01-17 21:21:43 UTC
The bug has been referenced in the following commit(s):

commit 4fbd9dd57d76b333b4c75791b1590f5ee09119f1
Author:     Sven Wegener <>
AuthorDate: 2019-01-15 21:40:20 +0000
Commit:     Sven Wegener <>
CommitDate: 2019-01-17 21:21:30 +0000

    net-libs/libvncserver: Version bump, security bug #659560 and #673508
    Signed-off-by: Sven Wegener <>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libvncserver/Manifest                     |  1 +
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 22 +++++++
 net-libs/libvncserver/libvncserver-0.9.12.ebuild   | 72 ++++++++++++++++++++++
 3 files changed, 95 insertions(+)
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 20:35:47 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 4 Alexander Tsoy 2019-07-28 22:02:21 UTC
Cleanup done in 61a66db5451e859c3cc01853ba5a5737c2157147
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2019-08-09 20:46:08 UTC
This issue was resolved and addressed in
 GLSA 201908-05 at
by GLSA coordinator Aaron Bauman (b-man).
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-02 22:30:35 UTC
Freeing aliases for tracker creation.