Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: freer...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:freerdp2
I'm asking for pre-approval to update freerdp2 from 2.10.0 to 2.11.2. The changes from 2.10.0 to 2.11.2 are mainly targeting security fixes (12 CVE's, see security tracker [1] for details), [1] https://security-tracker.debian.org/tracker/source-package/freerdp2 upstream changelog is at https://github.com/FreeRDP/FreeRDP/blob/stable-2.0/ChangeLog all commits are: https://github.com/FreeRDP/FreeRDP/compare/2.10.0...2.11.2 When working on the LTS updates, I've been in contact in contact with the maintainer and one of the upstream maintainer and checked with them about feasbility and e.g confirmed that the new upstream version is ABI compatible. I've tested reverse dependencies (remmina, vinagre, gnome-connections) against a Windows 10 RDP host and confirmed packages are still working. Backporting the fixes is of course possible, but bears a significant risk for regression, therefor I would prefer to use the new upstream version, given also that upstream changes are only a few and fixing also a few bugs that would be nice to be fixed. As far as I understood it, the maintainers would also prefer the new version over patching the one in stable. (They are in CC, so can intervene if I got that wrong…) If this is a viable route, please let me know and I will prepare a debdiff for a the real approval. -- Cheers, tobi
