[Pkg-tigervnc-devel] tigervnc 1.7.0+dfsg-5 MIGRATED to testing

Joachim Falk joachim.falk at gmx.de
Thu Feb 9 19:25:45 UTC 2017 

Hi all,

Am 09.02.2017 um 17:52 schrieb Ola Lundqvist:
> Hi
> 
> I think we shall try to fix both. If you can prepare that would be great. I can do the upload.
> 
> / Ola
> 
> Sent from a phone
> 
> Den 9 feb 2017 17:49 skrev "Joachim Falk" <joachim.falk at gmx.de <mailto:joachim.falk at gmx.de>>:
> 
>     Dear all,
> 
>     Am 09.02.2017 um 17:39 schrieb Debian testing watch:
>     > FYI: The status of the tigervnc source package
>     > in Debian's testing distribution has changed.
>     >
>     >   Previous version: 1.7.0+dfsg-2
>     >   Current version:  1.7.0+dfsg-5
>     its time to consider what we do with our two remaining bug fixes and the open
>     security problem in TigerVNC. The two bugfixes are quite self contained and small.
>     Hence, I think we can prepare one new upload with them and the security fix
>     and propose this for unblock to the release team.
have determined that we are not vulnerable to CVE-2016-10207 (http://seclists.org/oss-sec/2017/q1/312).
The fix has already been cheery picked into TigerVNC 1.7.0 by upstream. See git log below.

==================================================================================
commit e25272fc74ef09987ccaa33b9bf1736397c76fdf
Author: Pierre Ossman <ossman at cendio.se>
Date:   Thu Sep 8 12:31:18 2016 +0200

    TigerVNC 1.7.0

commit f8af13dd93e6723385811798c35d12da70d3641b
Author: Pierre Ossman <ossman at cendio.se>
Date:   Tue Aug 23 17:02:58 2016 +0200

    Proper global init/deinit of GnuTLS

    These are reference counted so it is important to retain symmetry
    between the calls. Failure to do so will result in bad memory access
    and crashes.

    (cherry picked from commit 8aa4bc53206c2430bbf0c8f4b642f59a379ee649)
==================================================================================

Ola, you can upload 1.7.0+dfsg-7 this should close #852639 and #852633.

Regards,
Joachim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debdiff-1.7.0+dfsg-5-to-1.7.0+dfsg-7.diff
Type: text/x-patch
Size: 6539 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-tigervnc-devel/attachments/20170209/e616f174/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-tigervnc-devel/attachments/20170209/e616f174/attachment-0001.sig>

More information about the Pkg-tigervnc-devel mailing list