[Pkg-tigervnc-devel] tigervnc 1.7.0+dfsg-5 MIGRATED to testing

Ola Lundqvist ola.lundqvist at gmail.com
Sun Feb 12 22:17:29 UTC 2017


Hi again

Information about CVE-2016-10207.

Best regards

// Ola

On 12 February 2017 at 23:17, Ola Lundqvist <ola.lundqvist at gmail.com> wrote:

> Hi
>
> Just for your information. I have updated the Debian security database with
> this information too.
> It should be marked as fixed in an hour or so when the data has been
> synced.
>
> https://security-tracker.debian.org/tracker/source-package/tigervnc
>
> // Ola
>
> On 9 February 2017 at 20:25, Joachim Falk <joachim.falk at gmx.de> wrote:
>
>> Hi all,
>>
>> On 09.02.2017 at 17:52, Ola Lundqvist wrote:
>> > Hi
>> >
>> > I think we shall try to fix both. If you can prepare that would be great. I can do the upload.
>> >
>> > / Ola
>> >
>> > Sent from a phone
>> >
>> > On 9 Feb 2017 17:49, "Joachim Falk" <joachim.falk at gmx.de> wrote:
>> >
>> >     Dear all,
>> >
>> >     On 09.02.2017 at 17:39, Debian testing watch wrote:
>> >     > FYI: The status of the tigervnc source package
>> >     > in Debian's testing distribution has changed.
>> >     >
>> >     >   Previous version: 1.7.0+dfsg-2
>> >     >   Current version:  1.7.0+dfsg-5
>> >     It's time to consider what we do with our two remaining bug fixes and the open
>> >     security problem in TigerVNC. The two bugfixes are quite self-contained and small.
>> >     Hence, I think we can prepare one new upload with them and the security fix
>> >     and propose this for unblock to the release team.
>> have determined that we are not vulnerable to CVE-2016-10207 (http://seclists.org/oss-sec/2017/q1/312).
>> The fix has already been cherry picked into TigerVNC 1.7.0 by upstream.
>> See git log below.
>>
>> ==================================================================================
>> commit e25272fc74ef09987ccaa33b9bf1736397c76fdf
>> Author: Pierre Ossman <ossman at cendio.se>
>> Date:   Thu Sep 8 12:31:18 2016 +0200
>>
>>     TigerVNC 1.7.0
>>
>> commit f8af13dd93e6723385811798c35d12da70d3641b
>> Author: Pierre Ossman <ossman at cendio.se>
>> Date:   Tue Aug 23 17:02:58 2016 +0200
>>
>>     Proper global init/deinit of GnuTLS
>>
>>     These are reference counted so it is important to retain symmetry
>>     between the calls. Failure to do so will result in bad memory access
>>     and crashes.
>>
>>     (cherry picked from commit 8aa4bc53206c2430bbf0c8f4b642f59a379ee649)
>> ==================================================================================
>>
>> Ola, you can upload 1.7.0+dfsg-7; this should close #852639 and #852633.
>>
>> Regards,
>> Joachim
>>
>
>