-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 29 Sep 2020 20:21:20 +0200 Source: tigervnc Architecture: source Version: 1.9.0+dfsg-3+deb10u3 Distribution: buster Urgency: high Maintainer: TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org> Changed-By: Joachim Falk <joachim.falk@gmx.de> Closes: 971272 Changes: tigervnc (1.9.0+dfsg-3+deb10u3) buster; urgency=high . [ Joachim Falk ] * Properly store certificate exceptions in native and java VNC viewer. The VNC viewers stored the certificate exceptions as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. This is issue CVE-2020-26117 (Closes: #971272). Checksums-Sha1: 665b58b5ce8788e6707fb799c3b1ef2caee78687 3983 tigervnc_1.9.0+dfsg-3+deb10u3.dsc 66d935a13f9176d21a68576af2615845448b77f2 72848 tigervnc_1.9.0+dfsg-3+deb10u3.debian.tar.xz c0fa333e1cb1160da6467b2780486b24db2fa047 7871 tigervnc_1.9.0+dfsg-3+deb10u3_source.buildinfo Checksums-Sha256: 61a7124a760b69432ab74becf27b152b63ac124a687a5d55b0fd7411979839b5 3983 tigervnc_1.9.0+dfsg-3+deb10u3.dsc e820db4eabb18b88d9156d21153744b5fc7d35eed393fb363204e36abfaf64ce 72848 tigervnc_1.9.0+dfsg-3+deb10u3.debian.tar.xz 221eca6335e4bc2b0968e26a287dfe6eeee82d4738711c7ac7478e24495135d5 7871 tigervnc_1.9.0+dfsg-3+deb10u3_source.buildinfo Files: 66ddd942feac096a9c1c56fc4438e67a 3983 x11 optional tigervnc_1.9.0+dfsg-3+deb10u3.dsc a67f7ec4b00a9c1817f791c8a69853e0 72848 x11 optional tigervnc_1.9.0+dfsg-3+deb10u3.debian.tar.xz 7d202cef71db0aff3eb50fffa26ffc88 7871 x11 optional tigervnc_1.9.0+dfsg-3+deb10u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEd0JxOxv4oYU15116MFSGLSVGoYAFAl9zf+EUHGpvYWNoaW0u ZmFsa0BnbXguZGUACgkQMFSGLSVGoYB/tw//fnh9q/h+q0N2i1+RbJ85zQMgf9vi 3Pz8qovRv0m+lIRYU482FxAcamvtkoOYr5quCSGIX0ge2V4N8owt6XvgRvbP0pPD w5alI1fFQK7HflrbC0WFSZ3CMmMGd6IcH6R5koxEjEH0OydkSzSvpEqabJIohjcY 0AIrQ2/dssb2+JePzhdCTcNxpqpKQJkcRIsSlGrRYLWOri2+C7zFqgN19x486Y9j iAMu/59DbWiYE1vKshHxpGB7SjzUWPEyJRRQ8sOBIFarOn3oHUJFasUblIiA91K2 3rlAs3JbLh2G2f85n9htX9vyf/DURYVnt2FQ2yXT3lpkIcJ1eaCwmOUp3qZLEn0a ffwtAo02mvu3PV9egAvkEffcExU6Y0Z0zjahQnKircFYgLEtuN6WITPNhQR/ZdzT XBggkazLF5XlviQib+0VMKYaDpfHPsRnIQ39rfU6moB0e/y2/eqVwi/7YGOm4yhz 8KOQUQ9nUF+xw6jc9I+rpOo21UXl2H/yMUlWRCXf+nwkid0XIvAjFLVVEPz5Uuha YbMOwH1DG038ss4P1ftePlihVMQ+WpLQiNOs+9LvAdeC19z0jde4VOcG1xZIsZys rlsK9/lMx0rjgCt1bO6GbsPGCd6G8bNbzuvaMW8TIiQ6Kiymyz9NC3EiWN7CFpxo G3BTqe/GDMZefg8= =Pzo5 -----END PGP SIGNATURE-----