Format: 1.8
Date: Sun, 09 Apr 2017 10:38:13 -0400
Source: tigervnc
Binary: tigervnc-common tigervnc-scraping-server tigervnc-standalone-server tigervnc-xorg-extension tigervnc-viewer
Architecture: source amd64
Version: 1.7.0+dfsg-7
Distribution: unstable
Urgency: high
Maintainer: TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org>
Changed-By: Yaroslav Halchenko <debian@onerussian.com>
Description:
 tigervnc-common - Virtual network computing; Common software needed by servers
 tigervnc-scraping-server - Virtual network computing server performing X screen scraping
 tigervnc-standalone-server - Standalone virtual network computing server
 tigervnc-viewer - Virtual network computing client for X
 tigervnc-xorg-extension - Virtual network computing X server extension
Closes: 858048 859141 859259
Changes:
 tigervnc (1.7.0+dfsg-7) unstable; urgency=high
 .
   [ Joachim Falk ]
   * Fixed the following security vulnerabilities (Closes: #859259):
     - Fix SSecurityVeNCrypt.cxx; SSecurityVeNCrypt::SSecurityVeNCrypt.
       An unauthenticated client can cause a small memory leak in the
       server. (CVE-2017-7392)
     - Fix VNCSConnectionST.cxx VNCSConnectionST::fence. An authenticated
       client can cause a double free, leading to denial of service or
       potentially code execution. (CVE-2017-7393)
     - Fix SSecurityPlain.cxx SSecurityPlain::processMsg. An
       unauthenticated user can crash the server by sending long
       usernames. (CVE-2017-7394)
     - Fix SMsgReader.cxx SMsgReader::readClientCutText. An authenticated
       client can crash the server by causing an integer overflow.
       (CVE-2017-7395)
     - Fix CConnection.cxx CConnection::CConnection. An unauthenticated
       client can cause a small memory leak in the server.
       (CVE-2017-7396)
   * The tigervncserver wrapper script gives up and kills the server it
     just started if it doesn't have its VNC-TCP and X11-unix sockets up
     and running within a second. However, if a machine is a bit bogged
     down, this can prevent starting the server at all, for no good
     reason. Thus, the timeout has been increased to 30 seconds.
     (Closes: #859141)
   * Refreshed dependencies for Xtigervnc server build from
     xorg-server-1.19.2 used in stretch. (Closes: #858048)