Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere

[David King <amigadave () amigadave com>]

On 2011-03-14 16:00, Jan Lieskovsky <jlieskov () redhat com> wrote:
> Hello Josh, Steve, David, vendors,
>
>   this is due the following vino deficiency:
>   [1] https://bugzilla.redhat.com/show_bug.cgi?id=553477#c0
>   [2] https://bugzilla.redhat.com/show_bug.cgi?id=678846
>
> As noted in [1] Vino may incorrectly report, that relevant user desktop
> is reachable only over local network, when in fact it's reachable from everywhere.

[snip]

> Upstream bug report:
> [3] https://bugzilla.gnome.org/show_bug.cgi?id=596190
>
> Ubuntu bug report (IPv6 specific):
> [4] https://bugs.launchpad.net/ubuntu/+source/vino/+bug/344489
>
> To David King -- David, what are the upstream plans for this issue? Is there by any
> chance upstream patch for the bug [3] yet?

I only took over the Vino maintainership 10 days ago, so I am not 
familiar with all parts of the code yet, including this one. Now that I 
have been notified of the issue, I will work on fixing it, but for the 
next stable release (GNOME 3.0), due in a few weeks, I think that it 
will be safest to disable this functionality.

As for the UPnP issue listed at [2], I was planning to fix this during 
the GNOME 3.2 release cycle, as it will require changing translatable 
strings, and the project is already in a string freeze. The upstream bug 
has some more details:

https://bugzilla.gnome.org/show_bug.cgi?id=594521

I could also disable this functionality as a workaround.

> Thanks && Regards, Jan.

--
http://amigadave.com/