Opened 7 years ago

Closed 7 years ago

#8862 closed enhancement (fixed)

gtk-vnc-0.7.0 (CVE-2017-5884 CVE-2017-5885)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 8.0
Component: systemd Version: SVN
Severity: normal Keywords:


New minor version


 o CVE-2017-5884 - fix bounds checking for RRE, hextile and
   copyrect encodings
 o CVE-2017-5885 - fix color map index bounds checking
 o Add API to allow smooth scaling to be disabled
 o Workaround to help SPICE servers quickly drop VNC clients
   which mistakenly connect, by sending "RFB " signature bytes
 o Don't accept color map entries for true-color pixel formats
 o Add missing vala .deps files for gvnc & gvncpulse
 o Avoid crash if host/port is NULL
 o Add precondition checks to some public APIs
 o Fix link to home page in README file
 o Fix misc memory leaks
 o Clamp cursor hot-pixel to within cursor region

Change History (3)

comment:1 by Douglas R. Reno, 7 years ago

Component: BOOKsystemd

comment:2 by Douglas R. Reno, 7 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 7 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r18278

Note: See TracTickets for help on using tickets.