Your message dated Sat, 03 Aug 2024 15:53:21 +0000
with message-id <e1sah4l-009poa...@fasolo.debian.org>
and subject line Bug#1077822: fixed in neatvnc 0.8.0+dfsg-2
has caused the Debian Bug report #1077822,
regarding neatvnc: CVE-2024-42458
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1077822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077822
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: neatvnc
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for neatvnc.
CVE-2024-42458[0]:
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly
| validate the security type.
https://www.openwall.com/lists/oss-security/2024/08/02/1
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-42458
https://www.cve.org/CVERecord?id=CVE-2024-42458
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: neatvnc
Source-Version: 0.8.0+dfsg-2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
neatvnc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1077...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated neatvnc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Aug 2024 17:23:09 +0200
Source: neatvnc
Architecture: source
Version: 0.8.0+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1077822
Changes:
neatvnc (0.8.0+dfsg-2) unstable; urgency=high
.
* QA upload.
* Add sanity check for chosen security type (CVE-2024-42458)
(Closes: #1077822)
Checksums-Sha1:
08111865806c638a78b98be35f1d7b604e2621f6 2263 neatvnc_0.8.0+dfsg-2.dsc
fb136763b1c5aad717f53723a2ca7b1bef1621a9 13628
neatvnc_0.8.0+dfsg-2.debian.tar.xz
Checksums-Sha256:
d2e5c604de8c1d93678d2055cdeccc04c04e8f7d62bdfa6d0fdda4c859ad9a4f 2263
neatvnc_0.8.0+dfsg-2.dsc
21c8e77902f7bd0230218513a21d131fb080ac8b003b57febb1eee623c6bef9c 13628
neatvnc_0.8.0+dfsg-2.debian.tar.xz
Files:
66817c9e3a030a54ac8376d5094df92e 2263 libs optional neatvnc_0.8.0+dfsg-2.dsc
9c1ac5d462df6d014dbd1e5b962fc828 13628 libs optional
neatvnc_0.8.0+dfsg-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmauT0hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EsmkQAJPb8xZ3yF5qYquN2aWlxPJtY45jCa1u
qk4ddtiDPtvDoX9jGh1GaOHf07s0YCNyWC6fk+n+Hi/SSaYUfWg6+T3qdxujs+S7
SXwMvfUW6U10NQmj5qM3QK9MIi11UUlqV4uQX0pg9B0sij8Ja716DIRkfOtfRkut
icrsO45TlEX4INg3+Onb/oOChzGiRsktBCQvR20iTQubgSj5WqYr0OyCbWaZ1cxw
XBYRvU4C1rYG6eaUVogrzUL/Oh7awZru5tNK2t8yIz1InW7EB577zJFB50VYbIBU
WI5HGq+bll6VI3Bowaudcvn0rawhUhU18kBSq1Lnedda7PfJn6fH/BwwYJoQ9y94
felJjbeAITYRYNcJi+RpTuDHi+qO2qS2kRl0lGizSbaWpqerWFHCpo/0X+lgAlLQ
Js6I3eHl3KWcpkPwNnZeD3yEqEVJ9Vp0FlF0FA85t35KiIfThlXUC58PbAHFFQmw
yOZDdzPEndhG/KzWgxW/MTi+z3FdkP24Y/CXlh7pwOsG4P+Gv/wCGgyDDIt34fxk
Qjqlhk6lnUdySyAK9/9t+kNHKu6uZRkFUB5gqGiX4NtyH+EqLkIq12vtW1NcJTxy
VjtqjMDTtbeAFF/Ha6jca0tDeziHGeIaTDoF0VZI5Flm9jsKebQ0MpTtzIhAqQSY
J/fYrspGZn+s
=Tcdi
-----END PGP SIGNATURE-----
pgp6LDNCNBPJY.pgp
Description: PGP signature
--- End Message ---
