oss-sec mailing list archives

Re: [tigervnc-announce] TigerVNC 1.7.1


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Sat, 21 Jan 2017 22:25:38 -0800

Is there a CVE assigned to this issue that we should use when passing this
fix through to our packages/distros?  I don't see one mentioned in the commit
or pull requests:

https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
https://github.com/TigerVNC/tigervnc/pull/399

Thanks,

        -alan-

On 01/20/17 01:00 AM, Pierre Ossman wrote:
This is a security update for TigerVNC 1.7.0 which fixes a memory overflow issue
via the RRE decoder. A malicious server could possibly use this issue to take
control of the TigerVNC viewer.

Users are advised to upgrade as soon as possible.

Binaries are available from bintray:

https://bintray.com/tigervnc/stable/tigervnc/1.7.1

Regards
The TigerVNC Developers



--
        -Alan Coopersmith-              alan.coopersmith () oracle com
         Oracle Solaris Engineering - http://blogs.oracle.com/alanc

