Debian Package Tracker
Register | Log in
Subscribe

vino

VNC server for GNOME

Choose email to subscribe with

general
  • source: vino (main)
  • version: 3.22.0-6
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
  • arch: any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.22.0-1
  • oldstable: 3.22.0-5
  • stable: 3.22.0-6
  • testing: 3.22.0-6
  • unstable: 3.22.0-6
versioned links
  • 3.22.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.22.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.22.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • vino (26 bugs: 0, 22, 4, 0)
action needed
3 low-priority security issues in buster low

There are 3 open security issues in buster.

3 issues left for the package maintainer to handle:
  • CVE-2014-6053: (needs triaging) The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
  • CVE-2018-7225: (needs triaging) An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
  • CVE-2019-15681: (needs triaging) LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2022-05-11 23:25
news
[rss feed]
  • [2020-03-26] vino 3.22.0-6 MIGRATED to testing (Debian testing watch)
  • [2020-03-21] Accepted vino 3.22.0-6 (source) into unstable (Laurent Bigonville)
  • [2019-11-29] Accepted vino 3.14.0-2+deb8u1 (source amd64) into oldoldstable (Mike Gabriel)
  • [2019-01-02] vino 3.22.0-5 MIGRATED to testing (Debian testing watch)
  • [2018-12-28] Accepted vino 3.22.0-5 (source) into unstable (Jeremy Bicha)
  • [2018-10-06] vino 3.22.0-4 MIGRATED to testing (Debian testing watch)
  • [2018-09-30] Accepted vino 3.22.0-4 (source amd64) into unstable (Laurent Bigonville)
  • [2018-02-27] vino 3.22.0-3 MIGRATED to testing (Debian testing watch)
  • [2018-02-21] Accepted vino 3.22.0-3 (source) into unstable (Jeremy Bicha)
  • [2017-12-25] vino 3.22.0-2 MIGRATED to testing (Debian testing watch)
  • [2017-12-19] Accepted vino 3.22.0-2 (source) into unstable (Jeremy Bicha)
  • [2016-09-26] vino 3.22.0-1 MIGRATED to testing (Debian testing watch)
  • [2016-09-20] vino 3.21.92-2 MIGRATED to testing (Debian testing watch)
  • [2016-09-20] Accepted vino 3.22.0-1 (source) into unstable (Michael Biebl)
  • [2016-09-14] Accepted vino 3.21.92-2 (source) into unstable (Michael Biebl)
  • [2016-09-13] Accepted vino 3.21.92-1 (source) into unstable (Michael Biebl)
  • [2016-05-16] vino 3.20.2-1 MIGRATED to testing (Debian testing watch)
  • [2016-05-10] Accepted vino 3.20.2-1 (source) into unstable (Michael Biebl)
  • [2016-04-22] vino 3.20.1-1 MIGRATED to testing (Debian testing watch)
  • [2016-04-16] Accepted vino 3.20.1-1 (source) into unstable (Michael Biebl)
  • [2016-03-30] vino 3.20.0-1 MIGRATED to testing (Debian testing watch)
  • [2016-03-24] Accepted vino 3.20.0-1 (source amd64) into unstable (Andreas Henriksson)
  • [2015-11-18] vino 3.18.1-1 MIGRATED to testing (Britney)
  • [2015-11-12] Accepted vino 3.18.1-1 (source) into unstable (Michael Biebl)
  • [2015-09-29] vino 3.18.0-1 MIGRATED to testing (Britney)
  • [2015-09-23] Accepted vino 3.18.0-1 (source amd64) into unstable (Andreas Henriksson)
  • [2015-05-24] vino 3.16.0-1 MIGRATED to testing (Britney)
  • [2015-05-18] Accepted vino 3.16.0-1 (source amd64) into unstable (Michael Biebl)
  • [2014-10-06] vino 3.14.0-2 MIGRATED to testing (Britney)
  • [2014-09-30] Accepted vino 3.14.0-2 (source amd64) into unstable (Andreas Henriksson)
  • 1
  • 2
bugs [bug history graph]
  • all: 28
  • RC: 0
  • I&N: 24
  • M&W: 4
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 93)
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.22.0-6ubuntu3
  • 87 bugs (2 patches)
  • patches for 3.22.0-6ubuntu3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing