Date: Sat, 21 Jan 2017 22:25:38 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: Pierre Ossman <ossman@...dio.se>, tigervnc-devel@...glegroups.com
Cc: oss-security@...ts.openwall.com
Subject: Re: [tigervnc-announce] TigerVNC 1.7.1

Is there a CVE assigned to this issue that we should use when passing this
fix through to our packages/distros? I don't see one mentioned in the
commit or pull requests:

https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
https://github.com/TigerVNC/tigervnc/pull/399

Thanks,

-alan-

On 01/20/17 01:00 AM, Pierre Ossman wrote:
> This is a security update for TigerVNC 1.7.0 which fixes a memory overflow issue
> via the RRE decoder. A malicious server could possibly use this issue to take
> control of the TigerVNC viewer.
>
> Users are advised to upgrade as soon as possible.
>
> Binaries are available from bintray:
>
> https://bintray.com/tigervnc/stable/tigervnc/1.7.1
>
> Regards
> The TigerVNC Developers
>

--
-Alan Coopersmith- alan.coopersmith@...cle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc