-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 28 Sep 2020 22:43:11 +0200 Source: tigervnc Architecture: source Version: 1.10.1+dfsg-9 Distribution: unstable Urgency: medium Maintainer: TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org> Changed-By: Joachim Falk <joachim.falk@gmx.de> Closes: 971272 Changes: tigervnc (1.10.1+dfsg-9) unstable; urgency=medium . [ Joachim Falk ] * Properly store certificate exceptions in native and java VNC viewer. The VNC viewers stored the certificate exceptions as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. This is issue CVE-2020-26117 (Closes: #971272). Checksums-Sha1: c1ddfe798c7fca3a8e9cefcc46c7eebb188088cc 3967 tigervnc_1.10.1+dfsg-9.dsc bac8c2347e06483c44d422824f40c4d0467f1d44 65472 tigervnc_1.10.1+dfsg-9.debian.tar.xz 20d27f38df544c3f3c094e220de64c6eb5a3099a 7719 tigervnc_1.10.1+dfsg-9_source.buildinfo Checksums-Sha256: d01959b6e73e0454b9ccbf6acb3ee08854a947c7b80b904eb34e2e8099f5deb8 3967 tigervnc_1.10.1+dfsg-9.dsc 74ccb8be2755083645b38542c6c56855da02c13e80045320b394dc7f0d0608fb 65472 tigervnc_1.10.1+dfsg-9.debian.tar.xz a5fc18154dc41104b7d23dedc2eaeef7ebdffbb76ba87c10fbc7414b75284f27 7719 tigervnc_1.10.1+dfsg-9_source.buildinfo Files: f26c47c5b8be1319af0018673fb1db66 3967 x11 optional tigervnc_1.10.1+dfsg-9.dsc ecc6b16629e11c562036c86f85261f7f 65472 x11 optional tigervnc_1.10.1+dfsg-9.debian.tar.xz ad5160b0208c1b688a2106d3e517d1d4 7719 x11 optional tigervnc_1.10.1+dfsg-9_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEd0JxOxv4oYU15116MFSGLSVGoYAFAl9yUjcUHGpvYWNoaW0u ZmFsa0BnbXguZGUACgkQMFSGLSVGoYDTgRAA2XGhhV2i9thYEp0Y64l7GmWYm8o3 sZMjOI8WWsW5Oj1Bn3cOsJNlXoBfESjMw9jEUfmlIA5LC8dgNUNh6NEqSxNqVA5d caWUFsV6aMuXtSO2lRYojIb1EldIB770cS8WTU5UKq1NjPwsblhaZTJmkvExX+9X 4OBX2vMRe8L98Y8+gN4g5F9fKQOyP9QGYLsdb4hMNh/V0wLXvbyRMk9MErrEMZam /sYCRafRXgmfnOq03ru9ZPMDaAdaC/iQ74lOVpIAlEuutQ9cl70d320ags7Nqnrq ClmQwGleyXJIYwAUfFacty+9YqLpIWIPcwxQfwOT9waIJkw0XMzVLd4Jc535mTMk hxdFtBjog505jz4F7z29TLyy4a9RlheQ3UmmHTEXwtKCRf3WCqoDK4sg6BEpjD7C iW3wkTfv1hgktwYGmtFQLKaDqGYKoGKqaw7HbwvM708ue+oHiF3nEAOZKjkTMSpw Z99TQz0+6C2toozzjl4p497C9PV6hRcYNLQJuYoCQzblu4pdBfoTjD2oOOPum+57 MELZu/3tmNZ3BSPl+4ErRG0mzydjE61KUxqv8wQ2wBG/hqnaadnEqQgC8A/Kr9sr 2doPqXYOhJ/mfE35zPsYYWqmOvYJrKCCRd77L+5k5mpLHD/D2iTAuLm9aoHnlurc bZ2muRyuhWgr6Kk= =UQ/W -----END PGP SIGNATURE-----