Register | Log in

vino

VNC server for GNOME

Choose email to subscribe with

general

source: vino (main)
version: 3.22.0-5
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
arch: any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.14.0-2
o-o-sec: 3.14.0-2+deb8u1
oldstable: 3.22.0-1
stable: 3.22.0-5
testing: 3.22.0-5
unstable: 3.22.0-5

versioned links

3.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.14.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

vino (25 bugs: 0, 21, 4, 0)

action needed

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-02-24 22:50

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-02-24 22:50

3 ignored security issues in buster low

There are 3 open security issues in buster.

3 issues skipped by the security teams:

CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-02-24 22:50

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-02-24 22:50

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-01-21 05:05

news

[2019-11-29] Accepted vino 3.14.0-2+deb8u1 (source amd64) into oldoldstable (Mike Gabriel)
[2019-01-02] vino 3.22.0-5 MIGRATED to testing (Debian testing watch)
[2018-12-28] Accepted vino 3.22.0-5 (source) into unstable (Jeremy Bicha)
[2018-10-06] vino 3.22.0-4 MIGRATED to testing (Debian testing watch)
[2018-09-30] Accepted vino 3.22.0-4 (source amd64) into unstable (Laurent Bigonville)
[2018-02-27] vino 3.22.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-21] Accepted vino 3.22.0-3 (source) into unstable (Jeremy Bicha)
[2017-12-25] vino 3.22.0-2 MIGRATED to testing (Debian testing watch)
[2017-12-19] Accepted vino 3.22.0-2 (source) into unstable (Jeremy Bicha)
[2016-09-26] vino 3.22.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-20] vino 3.21.92-2 MIGRATED to testing (Debian testing watch)
[2016-09-20] Accepted vino 3.22.0-1 (source) into unstable (Michael Biebl)
[2016-09-14] Accepted vino 3.21.92-2 (source) into unstable (Michael Biebl)
[2016-09-13] Accepted vino 3.21.92-1 (source) into unstable (Michael Biebl)
[2016-05-16] vino 3.20.2-1 MIGRATED to testing (Debian testing watch)
[2016-05-10] Accepted vino 3.20.2-1 (source) into unstable (Michael Biebl)
[2016-04-22] vino 3.20.1-1 MIGRATED to testing (Debian testing watch)
[2016-04-16] Accepted vino 3.20.1-1 (source) into unstable (Michael Biebl)
[2016-03-30] vino 3.20.0-1 MIGRATED to testing (Debian testing watch)
[2016-03-24] Accepted vino 3.20.0-1 (source amd64) into unstable (Andreas Henriksson)
[2015-11-18] vino 3.18.1-1 MIGRATED to testing (Britney)
[2015-11-12] Accepted vino 3.18.1-1 (source) into unstable (Michael Biebl)
[2015-09-29] vino 3.18.0-1 MIGRATED to testing (Britney)
[2015-09-23] Accepted vino 3.18.0-1 (source amd64) into unstable (Andreas Henriksson)
[2015-05-24] vino 3.16.0-1 MIGRATED to testing (Britney)
[2015-05-18] Accepted vino 3.16.0-1 (source amd64) into unstable (Michael Biebl)
[2014-10-06] vino 3.14.0-2 MIGRATED to testing (Britney)
[2014-09-30] Accepted vino 3.14.0-2 (source amd64) into unstable (Andreas Henriksson)
[2014-09-23] Accepted vino 3.14.0-1 (source amd64) into unstable (Andreas Henriksson)
[2014-09-06] Accepted vino 3.13.90-1 (source amd64) into experimental (Andreas Henriksson)

1
2

bugs [bug history graph]

all: 26
RC: 0
I&N: 22
M&W: 4
F&P: 0
patch: 0

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (-, 93)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.22.0-5ubuntu2
83 bugs (2 patches)
patches for 3.22.0-5ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing