oss-sec mailing list archives

Re: libvncserver: old websocket decoding patch


From: Stefan Cornelius <scorneli () redhat com>
Date: Tue, 30 Jun 2020 14:54:59 +0200

On Tue, 30 Jun 2020 10:50:09 +0200
Stefan Cornelius <scorneli () redhat com> wrote:

Hi,

Upstream libvncserver fixed a websocket decoding issue >3 years ago in
https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433

AFAICT, this never got a CVE and wasn't backported by some
distributions.

Thanks and kind regards,

[I sent a heads-up about this to distros last Friday, 'embargo' ran
out on Monday 20:00 UTC]

Please use CVE-2017-18922

-- 
Stefan Cornelius / Red Hat Product Security

