[SECURITY] [DLA 831-1] gtk-vnc security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : gtk-vnc
Version : 0.5.0-3.1+deb7u1
CVE ID : CVE-2017-5884 CVE-2017-5885
Debian Bug : 854450
Josef Gajdusek discovered two vulnerabilities in gtk-vnc, a VNC viewer
widget for GTK:
CVE-2017-5884
Fix bounds checking for RRE, hextile & copyrec encodings. This bug
allowed a remote server to cause a denial of service by buffer
overflow via a carefully crafted message containing subrectangles
outside the drawing area.
CVE-2017-5885
Correctly validate color map range indexes. This bug allowed a
remote server to cause a denial of service by buffer overflow via
a carefully crafted message with out-of-range colour values.
For Debian 7 "Wheezy", these problems have been fixed in version
0.5.0-3.1+deb7u1.
We recommend that you upgrade your gtk-vnc packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Jonas Meurer
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlirOVgQHG1lam9AZGVi
aWFuLm9yZwAKCRBSYuf/SRBJ/nfqD/9sVeT4ci3KLv9LiLaED7gfZVKXdukOyWt7
2GgEaFa5flapoNXrC0J5MevtGf/HnUfjrroeFY45+0Q3Hs+K5uFco09PF6O6NHdW
FsMoSNOseDHuFeW2R4ju/IgsCHaUIgIVXKULLzBmIaHP2lFGd8YL7dRlxvOJ5I5Y
PBG3hVhSx9NGt9qibvppq9F2NhM8HHWntbb0HS7C3IZM/6Ta8a8FZghEfZBHBbLQ
/SIa+ZsOuZSaQrDwMKlS694HeK7YHp4rA2tfobNxaDNwaRhWYW6KqGB9Dcke71Ti
9IXWxdkldr6x1yZRs0Tp4WKxsC4zlPkh8K4EzIX4vu8hBgGvvoQjMptS7Pw3wTHl
1JB0WTPra950wzppmkBsUq3+0XJbDFbMfzqsrTnJwm0xOzvg7nt4qITMMInRgSsd
hxbVGYyKsYNHsr3joSYfHcCzilJL6jV8Jeu+UjjJHYNeR5k5TlAyglPYDds503Ca
sTEWBSRZW4t/klnI/Q1cBOnKmDE9shYCEgcOqLKBBDHizI+16MFX/joG4WuO61CE
PuFtXZN4Mr0H8mNwVyQyT0cX26ZOHZ89YRba7s7KAcacG7APFEajtkTyIirGrc/n
bBzFy7Tgv6iJLmiAx+sP5GjqSI0+0nMRqbPquo566/6WSWSkSVy3Bxzy8Dfpr/Sa
QYg1HV1bCw==
=rp6p
-----END PGP SIGNATURE-----
Reply to: