Debian-LTS has issued an advisory on September 29: https://www.debian.org/lts/security/2022/dla-3125 The other CVE in that advisory was already fixed in Bug 26881. Since this CVE is for libvncclient code, I'm guessing it's not part of the code that's bundled in italc, but we should verify that (and I still think that should be dropped in Cauldron). Mageia 8 is also affected.
> libvncclient > I still think that should be dropped in Cauldron Is this noted in the umbrella bug for possible pkgs to drop? Assigning globally since no one packager in view.
Assignee: bugsquad => pkg-bugs
Quoting error by Lewis. The package to drop is italc. Libvncclient is part of the libvncserver package.
Hi, Regarding italc, there are bad and good news: italc seems to be affected but it also seems to have been removed from Cauldron (I find it neither in the branch "packages/cauldron" nor in the branch "obsolete" in SVN). Best regards, Nico.
CC: (none) => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). (CVE-2020-29260) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260 https://www.debian.org/lts/security/2022/dla-3125 ======================== Updated packages in core/updates_testing: ======================== italc-3.0.3-6.1.mga8 italc-client-3.0.3-6.1.mga8 italc-client-autostart-3.0.3-6.1.mga8 italc-master-3.0.3-6.1.mga8 lib(64)vncserver1-0.9.13-1.1.mga8 lib(64)vncserver-devel-0.9.13-1.1.mga8 from SRPMS: italc-3.0.3-6.1.mga8.src.rpm libvncserver-0.9.13-1.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDCVE: (none) => CVE-2020-29260Source RPM: libvncserver-0.9.13-3.mga9.src.rpm => libvncserver-0.9.13-1.mga8.src.rpm, italc-3.0.3-6.mga8.src.rpmVersion: Cauldron => 8
MGA8-64 MATE on Acer Aspire 5253 No installation issues Got the same error on launching italc on the CLI as described in previous update bug 27404. I will not pretend to be cleverer thanThomas or Dave, so as the update does not seem to harm anything else on my LAN, I give the OK on clean install.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
It was good enough last time, so it's good enough this time. Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0363.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
Just visit this https://howtogetfreerbx.com awesome gaming site
CC: (none) => arunn3620