From ${URL} :
Description
Two vulnerabilities have been reported in TigerVNC, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerabilities are caused due to two boundary errors in the "ZRLE_DECODE()" function (common/rfb/zrleDecode.h), which can be exploited to cause buffer overflows.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into connecting to a malicious VNC server.
The vulnerabilities are reported in versions prior to 1.3.1.
Solution: Update to version 1.3.1.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://sourceforge.net/p/tigervnc/mailman/message/32120476/
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
=net-misc/tigervnc-1.2.80_p5065-r1 should be the one to stabilize
Arches, please test and mark stable:
=net-misc/tigervnc-1.2.80_p5065-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
x86 stable
ppc stable
Stable for HPPA.
alpha stable
ppc64 stable
Arches please stabilize =net-misc/tigervnc-1.3.1 instead due to bug 505562.
Thanks
(In reply to Raúl Porcel from comment #9)
> Arches please stabilize =net-misc/tigervnc-1.3.1 instead due to bug 505562.
>
> Thanks
this is not reproducible here btw..
(In reply to Agostino Sarubbo from comment #10)
> (In reply to Raúl Porcel from comment #9)
> > Arches please stabilize =net-misc/tigervnc-1.3.1 instead due to bug 505562.
> >
> > Thanks
>
> this is not reproducible here btw..
Should happen if built with USE="server"
ia64 stable
sparc stable
arm stable
A GLSA has been drafted for this issue.
This issue was resolved and addressed in GLSA 201411-03 at http://security.gentoo.org/glsa/glsa-201411-03.xml by GLSA coordinator Sean Amoss (ackle).