[Git][security-tracker-team/security-tracker][master] Partially revert "stretch triage"

Salvatore Bonaccorso carnil at debian.org
Fri Jan 4 13:38:27 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75c8b509 by Salvatore Bonaccorso at 2019-01-04T13:10:00Z
Partially revert "stretch triage"

This (partially) reverts commit b7e957b2a9683e5dad951168524f7b2bfe5e2dde.

CVE-2018-15126 affects the libvncserver codebase on 0.9.11 but the
patchset to be applied is refactoring and introducing two new symbols to
fix the issue.

Similar conclusion reached by SuSE triage at
https://bugzilla.novell.com/show_bug.cgi?id=1120114#c3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24226,7 +24226,8 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co
 	NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
 	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
 CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
-	- libvncserver <not-affected> (Vulnerable code introduced after 0.9.11 release)
+	- libvncserver <unfixed> (bug #916941)
+	[jessie] - libvncserver <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/LibVNC/libvncserver/issues/242
 	NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
 	NOTE: Individual commits:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190104/ee193f2b/attachment.html>


More information about the debian-security-tracker-commits mailing list