[Git][security-tracker-team/security-tracker][master] Partially revert "stretch triage"
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 4 13:38:27 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75c8b509 by Salvatore Bonaccorso at 2019-01-04T13:10:00Z
Partially revert "stretch triage"
This (partially) reverts commit b7e957b2a9683e5dad951168524f7b2bfe5e2dde.
CVE-2018-15126 affects the libvncserver codebase on 0.9.11 but the
patchset to be applied is refactoring and introducing two new symbols to
fix the issue.
Similar conclusion reached by SuSE triage at
https://bugzilla.novell.com/show_bug.cgi?id=1120114#c3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24226,7 +24226,8 @@ CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de co
NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
- - libvncserver <not-affected> (Vulnerable code introduced after 0.9.11 release)
+ - libvncserver <unfixed> (bug #916941)
+ [jessie] - libvncserver <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibVNC/libvncserver/issues/242
NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
NOTE: Individual commits:
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75c8b5092d49a559048a7d43cb366741b0e3d060
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190104/ee193f2b/attachment.html>
More information about the debian-security-tracker-commits
mailing list