Package: tightvnc
Version: 1.3.9-4
Severity: grave
Justification: user security hole
Tags: security
X-Debbugs-CC: [email protected]

Please see http://www.heise-online.co.uk/news/Vulnerabilities-in-UltraVNC-and-TightVNC--/112562 for a description. 1.3.9 is affected, while 1.3.10 is fixed. I did not verify the Debian version to be affected but believe so.

According to the linked advisories this is

Class: Integer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 33568
CVE Name: CVE-2009-0388

Since VNC connections might be used to shield an untrusted system from a trusted one, the remote exploitability is to be taken rather seriously.

I've no idea if UltraVNC is packaged in Debian as well; if so, please clone and reassign this bug to the appropriate package.

Please mention the CVE in your changelog when fixing this bug.

-- 
Dr. Helge Kreutzmann [email protected]
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/

