[Pkg-tigervnc-devel] [Git][debian-remote-team/tigervnc][master] Clarify status of CVE-2014-8240-849479.patch
Joachim Falk (@jfalk-guest)
gitlab at salsa.debian.org
Sun Jan 14 12:40:34 GMT 2024
Joachim Falk pushed to branch master at Debian Remote Packaging Team / tigervnc
Commits:
4ad62fba by Joachim Falk at 2024-01-14T13:39:52+01:00
Clarify status of CVE-2014-8240-849479.patch
- - - - -
1 changed file:
- debian/patches/CVE-2014-8240-849479.patch
Changes:
=====================================
debian/patches/CVE-2014-8240-849479.patch
=====================================
@@ -5,8 +5,24 @@ Description: Fix integer overflow in TigerVNC that allowed remote VNC servers to
buffer overflow, a similar issue to CVE-2014-6051.
.
This issue is CVE-2014-8240.
+ .
+ This patch has been forwarded to upstream, but applying the patch has been
+ rejected by upstream (see https://github.com/TigerVNC/tigervnc/issues/993).
+ .
+ The rationale was given by CendioOssman on Apr 16, 2020, as follows:
+ .
+ I'm not sure CVE-2014-8240 is a problem in practice with the current (1.10.1)
+ TigerVNC. Do you know if there is a proof of concept exploit? It shouldn't
+ affect 64-bit systems, as size_t will be large enough to handle any overflows.
+ And we got a bunch of checks in 1.10.1 that prevent large image buffers like
+ this. So, it will abort before it starts using any invalid buffer like this
+ anyway.
+ .
+ However, Debian still has 32-bit architecture support, and I (Joachim Falk)
+ could not find the mentioned redundant checks on the code path at first
+ glance. Hence, for now, let's still carry this patch.
Author: Tim Waugh
-Forwarded: no
+Forwarded: yes
Index: pkg-tigervnc/unix/x0vncserver/Image.cxx
===================================================================
View it on GitLab: https://salsa.debian.org/debian-remote-team/tigervnc/-/commit/4ad62fba2b66fcc47c07a759f5ac59beef605ad8
--
View it on GitLab: https://salsa.debian.org/debian-remote-team/tigervnc/-/commit/4ad62fba2b66fcc47c07a759f5ac59beef605ad8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-tigervnc-devel/attachments/20240114/f2f4bce7/attachment-0001.htm>
More information about the Pkg-tigervnc-devel
mailing list