[Pkg-tigervnc-devel] tigervnc 1.7.0+dfsg-5 MIGRATED to testing
Ola Lundqvist
ola.lundqvist at gmail.com
Sun Feb 12 22:17:04 UTC 2017
Hi
Just for your information. I have update the Debian security database with
this information too.
It should be marked as fixed in an hour or so when the data has been synced.
https://security-tracker.debian.org/tracker/source-package/tigervnc
// Ola
On 9 February 2017 at 20:25, Joachim Falk <joachim.falk at gmx.de> wrote:
> Hi all,
>
> Am 09.02.2017 um 17:52 schrieb Ola Lundqvist:
> > Hi
> >
> > I think we shall try to fix both. If you can prepare that would be
> great. I can do the upload.
> >
> > / Ola
> >
> > Sent from a phone
> >
> > Den 9 feb 2017 17:49 skrev "Joachim Falk" <joachim.falk at gmx.de <mailto:
> joachim.falk at gmx.de>>:
> >
> > Dear all,
> >
> > Am 09.02.2017 um 17:39 schrieb Debian testing watch:
> > > FYI: The status of the tigervnc source package
> > > in Debian's testing distribution has changed.
> > >
> > > Previous version: 1.7.0+dfsg-2
> > > Current version: 1.7.0+dfsg-5
> > its time to consider what we do with our two remaining bug fixes and
> the open
> > security problem in TigerVNC. The two bugfixes are quite self
> contained and small.
> > Hence, I think we can prepare one new upload with them and the
> security fix
> > and propose this for unblock to the release team.
> have determined that we are not vulnerable to CVE-2016-10207 (
> http://seclists.org/oss-sec/2017/q1/312).
> The fix has already been cheery picked into TigerVNC 1.7.0 by upstream.
> See git log below.
>
> ============================================================
> ======================
> commit e25272fc74ef09987ccaa33b9bf1736397c76fdf
> Author: Pierre Ossman <ossman at cendio.se>
> Date: Thu Sep 8 12:31:18 2016 +0200
>
> TigerVNC 1.7.0
>
> commit f8af13dd93e6723385811798c35d12da70d3641b
> Author: Pierre Ossman <ossman at cendio.se>
> Date: Tue Aug 23 17:02:58 2016 +0200
>
> Proper global init/deinit of GnuTLS
>
> These are reference counted so it is important to retain symmetry
> between the calls. Failure to do so will result in bad memory access
> and crashes.
>
> (cherry picked from commit 8aa4bc53206c2430bbf0c8f4b642f59a379ee649)
> ============================================================
> ======================
>
> Ola, you can upload 1.7.0+dfsg-7 this should close #852639 and #852633.
>
> Regards,
> Joachim
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-tigervnc-devel/attachments/20170212/06e1ee06/attachment.html>
More information about the Pkg-tigervnc-devel
mailing list