
Bug#1019228: marked as done (libvncserver: CVE-2020-29260)



Your message dated Sat, 26 Nov 2022 13:02:16 +0000
with message-id <E1oyuoy-006FFZ-FS@fasolo.debian.org>
and subject line Bug#1019228: fixed in libvncserver 0.9.13+dfsg-2+deb11u1
has caused the Debian Bug report #1019228,
regarding libvncserver: CVE-2020-29260
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1019228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libvncserver
Version: 0.9.13+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 0.9.13+dfsg-2

Hi,

The following vulnerability was published for libvncserver.

CVE-2020-29260[0]:
| libvncclient v0.9.13 was discovered to contain a memory leak via the
| function rfbClientCleanup().


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-29260
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260
[1] https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.13+dfsg-2+deb11u1
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1019228@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 20 Nov 2022 13:18:12 +0100
Source: libvncserver
Architecture: source
Version: 0.9.13+dfsg-2+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1010449 1019228
Changes:
 libvncserver (0.9.13+dfsg-2+deb11u1) bullseye; urgency=medium
 .
   [ Mike Gabriel ]
   * debian/patches:
     + Trivially rebase patches 0001 and 0002.
     + Add 0003-rfb-increase-update-buf-size.patch. Allow larger screen sizes.
       (Closes: #1010449).
 .
   [ Thorsten Alteholz ]
     + CVE-2020-29260: Add CVE-2020-29260.patch. Resolve memory leak in function
       rfbClientCleanup(). (Closes: #1019228).


--- End Message ---
