CVE-2023-1393

[Andrew Aitchison]

Earlier in the year Red Hat released a security update for tigervnc to address CVE-2023-1393, see https://access.redhat.com/errata/RHSA-2023:1592

Does TigerVNC 1.13.1 include the fix for CVE-2023-1393 ?

Thanks.

[Pierre Ossman]

Probably not, since it looks like those fixes rolled out after the
1.13.1 release. The nightly builds should include a patched Xorg though.

Security issues like those generally don't affect users of TigerVNC,
though, as you rarely run Xvnc as a privileged user. They are a problem
when you run your X server as root, and your applications as a regular user.

Regards
--
Pierre Ossman Software Development
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linköping http://facebook.com/ThinLinc
Phone: +46-13-214600

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?