Register | Log in

vino

VNC server for GNOME

Choose email to subscribe with

general

source: vino (main)
version: 3.22.0-6
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.14.0-2
o-o-sec: 3.14.0-2+deb8u1
oldstable: 3.22.0-1
stable: 3.22.0-5
testing: 3.22.0-6
unstable: 3.22.0-6

versioned links

3.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.14.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

vino (25 bugs: 0, 21, 4, 0)

action needed

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-08-22 06:06

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-08-07 06:08

3 ignored security issues in buster low

There are 3 open security issues in buster.

3 issues skipped by the security teams:

CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Please fix them.

Created: 2019-11-28 Last update: 2020-08-07 06:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

news

[2020-03-26] vino 3.22.0-6 MIGRATED to testing (Debian testing watch)
[2020-03-21] Accepted vino 3.22.0-6 (source) into unstable (Laurent Bigonville)
[2019-11-29] Accepted vino 3.14.0-2+deb8u1 (source amd64) into oldoldstable (Mike Gabriel)
[2019-01-02] vino 3.22.0-5 MIGRATED to testing (Debian testing watch)
[2018-12-28] Accepted vino 3.22.0-5 (source) into unstable (Jeremy Bicha)
[2018-10-06] vino 3.22.0-4 MIGRATED to testing (Debian testing watch)
[2018-09-30] Accepted vino 3.22.0-4 (source amd64) into unstable (Laurent Bigonville)
[2018-02-27] vino 3.22.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-21] Accepted vino 3.22.0-3 (source) into unstable (Jeremy Bicha)
[2017-12-25] vino 3.22.0-2 MIGRATED to testing (Debian testing watch)
[2017-12-19] Accepted vino 3.22.0-2 (source) into unstable (Jeremy Bicha)
[2016-09-26] vino 3.22.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-20] vino 3.21.92-2 MIGRATED to testing (Debian testing watch)
[2016-09-20] Accepted vino 3.22.0-1 (source) into unstable (Michael Biebl)
[2016-09-14] Accepted vino 3.21.92-2 (source) into unstable (Michael Biebl)
[2016-09-13] Accepted vino 3.21.92-1 (source) into unstable (Michael Biebl)
[2016-05-16] vino 3.20.2-1 MIGRATED to testing (Debian testing watch)
[2016-05-10] Accepted vino 3.20.2-1 (source) into unstable (Michael Biebl)
[2016-04-22] vino 3.20.1-1 MIGRATED to testing (Debian testing watch)
[2016-04-16] Accepted vino 3.20.1-1 (source) into unstable (Michael Biebl)
[2016-03-30] vino 3.20.0-1 MIGRATED to testing (Debian testing watch)
[2016-03-24] Accepted vino 3.20.0-1 (source amd64) into unstable (Andreas Henriksson)
[2015-11-18] vino 3.18.1-1 MIGRATED to testing (Britney)
[2015-11-12] Accepted vino 3.18.1-1 (source) into unstable (Michael Biebl)
[2015-09-29] vino 3.18.0-1 MIGRATED to testing (Britney)
[2015-09-23] Accepted vino 3.18.0-1 (source amd64) into unstable (Andreas Henriksson)
[2015-05-24] vino 3.16.0-1 MIGRATED to testing (Britney)
[2015-05-18] Accepted vino 3.16.0-1 (source amd64) into unstable (Michael Biebl)
[2014-10-06] vino 3.14.0-2 MIGRATED to testing (Britney)
[2014-09-30] Accepted vino 3.14.0-2 (source amd64) into unstable (Andreas Henriksson)

1
2

bugs [bug history graph]

all: 27
RC: 0
I&N: 23
M&W: 4
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 93)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.22.0-6ubuntu3
88 bugs (2 patches)
patches for 3.22.0-6ubuntu3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing