Debian Package Tracker
Register | Log in
Subscribe

vino

VNC server for GNOME

Choose email to subscribe with

general
  • source: vino (main)
  • version: 3.22.0-6
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
  • arch: any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.14.0-2
  • o-o-sec: 3.14.0-2+deb8u1
  • oldstable: 3.22.0-1
  • stable: 3.22.0-5
  • testing: 3.22.0-6
  • unstable: 3.22.0-6
versioned links
  • 3.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.14.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.22.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.22.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.22.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • vino (25 bugs: 0, 21, 4, 0)
action needed
lintian reports 1 warning normal
Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2020-07-29 Last update: 2020-08-22 06:06
3 ignored security issues in stretch low
There are 3 open security issues in stretch.
3 issues skipped by the security teams:
  • CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
  • CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
  • CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Please fix them.
Created: 2019-11-28 Last update: 2020-08-07 06:08
3 ignored security issues in buster low
There are 3 open security issues in buster.
3 issues skipped by the security teams:
  • CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
  • CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
  • CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Please fix them.
Created: 2019-11-28 Last update: 2020-08-07 06:08
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
[rss feed]
  • [2020-03-26] vino 3.22.0-6 MIGRATED to testing (Debian testing watch)
  • [2020-03-21] Accepted vino 3.22.0-6 (source) into unstable (Laurent Bigonville)
  • [2019-11-29] Accepted vino 3.14.0-2+deb8u1 (source amd64) into oldoldstable (Mike Gabriel)
  • [2019-01-02] vino 3.22.0-5 MIGRATED to testing (Debian testing watch)
  • [2018-12-28] Accepted vino 3.22.0-5 (source) into unstable (Jeremy Bicha)
  • [2018-10-06] vino 3.22.0-4 MIGRATED to testing (Debian testing watch)
  • [2018-09-30] Accepted vino 3.22.0-4 (source amd64) into unstable (Laurent Bigonville)
  • [2018-02-27] vino 3.22.0-3 MIGRATED to testing (Debian testing watch)
  • [2018-02-21] Accepted vino 3.22.0-3 (source) into unstable (Jeremy Bicha)
  • [2017-12-25] vino 3.22.0-2 MIGRATED to testing (Debian testing watch)
  • [2017-12-19] Accepted vino 3.22.0-2 (source) into unstable (Jeremy Bicha)
  • [2016-09-26] vino 3.22.0-1 MIGRATED to testing (Debian testing watch)
  • [2016-09-20] vino 3.21.92-2 MIGRATED to testing (Debian testing watch)
  • [2016-09-20] Accepted vino 3.22.0-1 (source) into unstable (Michael Biebl)
  • [2016-09-14] Accepted vino 3.21.92-2 (source) into unstable (Michael Biebl)
  • [2016-09-13] Accepted vino 3.21.92-1 (source) into unstable (Michael Biebl)
  • [2016-05-16] vino 3.20.2-1 MIGRATED to testing (Debian testing watch)
  • [2016-05-10] Accepted vino 3.20.2-1 (source) into unstable (Michael Biebl)
  • [2016-04-22] vino 3.20.1-1 MIGRATED to testing (Debian testing watch)
  • [2016-04-16] Accepted vino 3.20.1-1 (source) into unstable (Michael Biebl)
  • [2016-03-30] vino 3.20.0-1 MIGRATED to testing (Debian testing watch)
  • [2016-03-24] Accepted vino 3.20.0-1 (source amd64) into unstable (Andreas Henriksson)
  • [2015-11-18] vino 3.18.1-1 MIGRATED to testing (Britney)
  • [2015-11-12] Accepted vino 3.18.1-1 (source) into unstable (Michael Biebl)
  • [2015-09-29] vino 3.18.0-1 MIGRATED to testing (Britney)
  • [2015-09-23] Accepted vino 3.18.0-1 (source amd64) into unstable (Andreas Henriksson)
  • [2015-05-24] vino 3.16.0-1 MIGRATED to testing (Britney)
  • [2015-05-18] Accepted vino 3.16.0-1 (source amd64) into unstable (Michael Biebl)
  • [2014-10-06] vino 3.14.0-2 MIGRATED to testing (Britney)
  • [2014-09-30] Accepted vino 3.14.0-2 (source amd64) into unstable (Andreas Henriksson)
  • 1
  • 2
bugs [bug history graph]
  • all: 27
  • RC: 0
  • I&N: 23
  • M&W: 4
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 1)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 93)
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.22.0-6ubuntu3
  • 88 bugs (2 patches)
  • patches for 3.22.0-6ubuntu3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing