Ubuntu
gtk-vnc package

backport gtk-vnc so connections to tightvncservers work

Bug #779533 reported by Anand Kumria
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Lucid Backports
Won't Fix
Undecided
Unassigned
gtk-vnc (Ubuntu)
New
Undecided
Unassigned

Bug Description

There is an off-by-one bug in gtk-vnc which causes connections to tightvncservers to fail.

There is a bug about it here: https://bugs.launchpad.net/ubuntu/+source/vinagre/+bug/598597

The fix is a one-liner.

I have marked this as a security vulnerability since, in my experience, an off-by-one error can be a real problem.

Revision history for this message
Iain Lane (laney) wrote :

This should be fixed in the main release and not via -backports; reassigning accordingly.

Changed in lucid-backports:
status: New → Won't Fix
visibility: private → public
Revision history for this message
Steve Beattie (sbeattie) wrote :

Anand, thanks for taking the time to report this issue and help improve Ubuntu. While it's true that often times off-by-one errors result in security issues, in this instance because the error is affecting what gets written to the buffer and is a constant string, rather than writing past the end of a buffer, there is no security issue here. This should get fixed through the normal Stable Release Updates (SRU) process. I'm marking this bug as a duplicate of the original bug 598597. Thanks again.

Jamie Strandboge (jdstrand)
security vulnerability: yes → no
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.