Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 21 Jan 2017 22:25:38 -0800
From: Alan Coopersmith <>
To: Pierre Ossman <>,
Subject: Re: [tigervnc-announce] TigerVNC 1.7.1

Is there a CVE assigned to this issue that we should use when passing this
fix through to our packages/distros?  I don't see one mentioned in the commit
or pull requests:



On 01/20/17 01:00 AM, Pierre Ossman wrote:
> This is a security update for TigerVNC 1.7.0 which fixes a memory overflow issue
> via the RRE decoder. A malicious server could possibly use this issue to take
> control of the TigerVNC viewer.
> Users are advised to upgrade as soon as possible.
> Binaries are available from bintray:
> Regards
> The TigerVNC Developers

	-Alan Coopersmith-    
	 Oracle Solaris Engineering -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ