[Git][security-tracker-team/security-tracker][master] 2 commits: libvncserver: reference embedded copies

Sylvain Beucler beuc at debian.org
Wed Mar 18 14:01:56 GMT 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
105dfeb7 by Sylvain Beucler at 2020-03-18T14:56:41+01:00
libvncserver: reference embedded copies
Builds on initial research at https://lists.debian.org/debian-lts/2019/10/msg00094.html

- - - - -
77a25a7a by Sylvain Beucler at 2020-03-18T15:00:30+01:00
CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -35466,6 +35466,11 @@ CVE-2019-15690
 	RESERVED
 	{DLA-2146-1}
 	- libvncserver <unfixed> (bug #954163)
+	- italc <removed>
+	- ssvnc <unfixed>
+	- tightvnc <unfixed>
+	- veyon 4.3.1+repack1-1
+	- vncsnapshot <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
 	NOTE: https://github.com/LibVNC/libvncserver/issues/381
 	NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
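Review bot: The `- veyon 4.3.1+repack1-1` line records a fixed version with no NOTE saying what that upload changed, while the data/embedded-code-copies entry in this same diff lists veyon as `<unfixed> (embed)` and notes that it still bundles libvncclient. Add a NOTE under the veyon line stating why 4.3.1+repack1-1 counts as fixed for this CVE, so the two files do not read as contradictory. tightvnc has a similar mismatch: `<unfixed>` here, `<unfixable> (fork)` in the other file.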


=====================================
data/embedded-code-copies
=====================================
@@ -544,8 +544,18 @@ libmodplug
 	- gst-plugins-bad0.10 0.10.10.2-1 (embed)
 
 libvncserver
-	- vino <unfixed> (embed)
-	- krfb <unfixed> (embed)
+	- krfb 4:14.12.2-1 (embed) [libvncserver/rfbserver.c]
+	- italc <removed> (embed) [ica/x11/libvnc*]
+	- ssvnc <unfixed> (modified-embed) [vnc_unixsrc/*]
+	NOTE: client code only
+	- tigervnc <unfixable> (fork)
+	- tightvnc <unfixable> (fork)
+	- vncsnapshot <unfixed> (embed)
+	NOTE: client code only, small files subset
+	- veyon <unfixed> (embed) [3rdparty/libvncserver/libvncclient/*]
+	NOTE: uses system-wide libvncserver, but still bundles libvncclient
+	- vino <unfixed> (embed) [server/libvncserver/*]
+	NOTE: server code only
 
 putty
 	- filezilla <unfixed> (embed)
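Review bot: `- krfb 4:14.12.2-1 (embed) [libvncserver/rfbserver.c]` replaces `<unfixed>` with a version but carries no NOTE on what happened at 4:14.12.2-1, unlike the veyon and vino entries, which explain their status. Add a one-line NOTE under krfb saying what changed at that version. Smaller point: vncsnapshot has no bracketed path where the other embed entries do; its "small files subset" note would be more useful with the location of that subset.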
@@ -704,7 +714,7 @@ lzo2
 	- remmina <unfixed> (embed)
 	- blender <unfixed> (embed)
 	- x11vnc <unfixed> (embed)
-	- italc <unfixed> (embed)
+	- italc <removed> (embed)
 	- dump <unfixed> (embed)
 	- krfb <unfixed> (embed)
 	- nfdump <unfixed> (embed)
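Review bot: The context line `- krfb <unfixed> (embed)` just below the changed italc line is left as is, although the libvncserver section earlier in this diff now records krfb as `4:14.12.2-1`. If krfb's lzo2 copy came in through its bundled libvncserver, this entry needs the same version; otherwise a short NOTE saying the lzo2 copy is separate would settle the question.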



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d73be68c1b8a1cece5e9541cc6725901587dfba...77a25a7a8a60d1005185d4a5ba2c2f57c3618830
