Debian Package Tracker
Register | Log in
Subscribe

neatvnc

Choose email to subscribe with

general
  • source: neatvnc (main)
  • version: 1.0.1+dfsg-1
  • maintainer: Han Gao (DMD)
  • arch: any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 0.5.4+dfsg-1
  • stable: 0.9.1+dfsg-1
  • testing: 0.9.1+dfsg-1
  • unstable: 1.0.1+dfsg-1
versioned links
  • 0.5.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.9.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libneatvnc-dev
  • libneatvnc1
action needed
Marked for autoremoval on 10 August: #1136644 high
Version 0.9.1+dfsg-1 of neatvnc is marked for autoremoval from testing on Mon 10 Aug 2026. It is affected by #1136644. The removal of neatvnc will also cause the removal of (transitive) reverse dependencies: wayvnc, weston, xwayland-run. You should try to prevent the removal by fixing these RC bugs.
Created: 2026-05-21 Last update: 2026-07-16 19:32
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2026-42859: Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.
Created: 2026-05-14 Last update: 2026-07-14 01:33
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2026-42859: (needs triaging) Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-14 Last update: 2026-07-14 01:33
2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:
  • CVE-2024-42458: (needs triaging) server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
  • CVE-2026-42859: (needs triaging) Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-08-02 Last update: 2026-07-14 01:33
testing migrations
  • This package is part of the ongoing testing transition known as auto-aml. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package is part of the ongoing testing transition known as auto-neatvnc. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • excuses:
    • Migrates after: aml
    • Migration status for neatvnc (0.9.1+dfsg-1 to 1.0.1+dfsg-1): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
    • ∙ ∙ Too young, only 3 of 5 days old
    • ∙ ∙ Build-Depends(-Arch): neatvnc aml
    • ∙ ∙ Depends: neatvnc aml
    • Additional info (not blocking):
    • ∙ ∙ Updating neatvnc will fix bugs in testing: #1136644
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/n/neatvnc.html
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • Not considered
news
[rss feed]
  • [2026-07-13] Accepted neatvnc 1.0.1+dfsg-1 (source) into unstable (Han Gao) (signed by: Boyuan Yang)
  • [2026-07-11] Accepted neatvnc 0.9.1+dfsg-1.1 (source) into unstable (Adrian Bunk)
  • [2026-06-07] Accepted neatvnc 1.0.0+dfsg-1~exp1 (source amd64) into experimental (Debian FTP Masters) (signed by: Boyuan Yang)
  • [2024-11-27] neatvnc 0.9.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-11-21] Accepted neatvnc 0.9.1+dfsg-1 (source) into unstable (Han Gao) (signed by: Boyuan Yang)
  • [2024-11-13] neatvnc 0.8.0+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2024-11-08] Accepted neatvnc 0.8.0+dfsg-3 (source) into unstable (Dylan Aïssi)
  • [2024-08-06] neatvnc 0.8.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2024-08-03] Accepted neatvnc 0.8.0+dfsg-2 (source) into unstable (Salvatore Bonaccorso)
  • [2024-04-26] neatvnc 0.8.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-03-09] Accepted neatvnc 0.8.0+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2024-02-19] neatvnc 0.7.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2024-02-19] neatvnc 0.7.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2024-02-13] Accepted neatvnc 0.7.1+dfsg-2 (source) into unstable (Boyuan Yang)
  • [2023-12-02] neatvnc 0.7.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-11-26] Accepted neatvnc 0.7.1+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2023-10-30] neatvnc 0.7.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-24] Accepted neatvnc 0.7.0+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2023-10-15] Accepted neatvnc 0.7.0+dfsg-1~exp1 (source) into experimental (Boyuan Yang)
  • [2023-08-01] neatvnc 0.6.0+dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2023-07-25] Accepted neatvnc 0.6.0+dfsg-4 (source) into unstable (Boyuan Yang)
  • [2023-07-25] Accepted neatvnc 0.6.0+dfsg-3 (source) into unstable (Boyuan Yang)
  • [2023-07-25] Accepted neatvnc 0.6.0+dfsg-2 (source) into unstable (Boyuan Yang)
  • [2023-07-25] Accepted neatvnc 0.6.0+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2023-03-19] Accepted neatvnc 0.5.4+dfsg-2~exp1 (source) into experimental (Boyuan Yang)
  • [2022-09-23] neatvnc 0.5.4+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-17] Accepted neatvnc 0.5.4+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2022-09-05] neatvnc 0.5.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-08-30] Accepted neatvnc 0.5.3+dfsg-1 (source) into unstable (Boyuan Yang)
  • [2022-08-01] neatvnc 0.5.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.0.1+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing