Hi Bernhard,

Thanks for responding.
I took a look at the changelog.

abagarwa@abagarwa-Virtual-Machine:~$ zless /usr/share/doc/freerdp-x11/changelog.Debian.gz | grep CVE
- debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. (CVE-2014-0791)
+ Add fix for CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839. (Closes: #869880).
- debian/patches/CVE-2014-0791.patch: check length in
- CVE-2014-0791
- debian/patches/CVE-2017-283x.patch: fix issues in
- CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839'

I don't see any patch for c.
Also looking at the package source. I still see the vulnerability there.
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/master/libfreerdp/core/update.c

I have ported the change from master to the stable-1.1 branch. The changes are already part of the branch.
Can we release a new package for 1.1? (I understand that might be a tall ask, but CVE-2018-8786 is an RCE vulnerability.)

~Abhishek

-----Original Message-----
From: Bernhard Miklautz <bernhard.mikla...@shacknet.at>
Sent: Tuesday, May 21, 2019 12:26 AM
To: Abhishek Agarwal <abaga...@microsoft.com>
Cc: freerdp-devel@lists.sourceforge.net
Subject: Re: [FreeRDP-devel] Build from stable-1.1 branch

Hi,

On Mon, May 20, 2019 at 11:21:43PM +0000, Abhishek Agarwal via FreeRDP-devel wrote:
> We have merged PR to the stable-1.1 branch (Thanks admin, for taking a look).
> We want to use this build. I see there is a nightly build concept.

we do only have nightly (integration) builds for the master branch.

> I have quick questions around it.
> 1. Is stable-1.1 branch also onboarded to nightly builds?

nope. Sorry.

> I don't see any "packaging" dir there
> 1. Is there a possibility to push out a new version to official Debian
> Package. The change was a port of a known vulnerability. It will help
> everyone.

As far as I know the issues are already fixed in the upstream Debian 1.1 (freerdp-x11) package.
I'd recommend you install the package and have a look at the Debian changelog
`zless /usr/share/doc/freerdp-x11/changelog.Debian.gz`

You can find the package source on
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy

Best regards,
Bernhard

_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel