@bernhard.mikla...@shacknet.at : Can you please help us around here? It will 
really help if we can release a new version of 1.1 to Debian mirrors.

~Abhishek

-----Original Message-----
From: Abhishek Agarwal via FreeRDP-devel <freerdp-devel@lists.sourceforge.net> 
Sent: Tuesday, May 21, 2019 10:43 AM
To: bernhard.mikla...@shacknet.at
Cc: freerdp-devel@lists.sourceforge.net
Subject: Re: [FreeRDP-devel] Build from stable-1.1 branch

Hi Bernhard,

Thanks for responding.

I took a look at the changelog.

abagarwa@abagarwa-Virtual-Machine:~$ zless /usr/share/doc/freerdp-x11/changelog.Debian.gz  | grep CVE
    - debian/patches/CVE-2014-0791.patch: check length in
      libfreerdp/core/license.c. (CVE-2014-0791)
   + Add fix for CVE-2017-2834, CVE-2017-2835, CVE-2017-2836,
     CVE-2017-2837, CVE-2017-2838, CVE-2017-2839. (Closes: #869880).
    - debian/patches/CVE-2014-0791.patch: check length in
    - CVE-2014-0791
    - debian/patches/CVE-2017-283x.patch: fix issues in
    - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837,
      CVE-2017-2838, CVE-2017-2839'

I don't see any patch for c.

Also looking at the package source. I still see the vulnerability there.
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/master/libfreerdp/core/update.c

I have ported the change from master to stable-1.1 branch. The changes are 
already part of the branch. Can we release a new package for 1.1? (I understand 
that might be a tall ask, but CVE-2018-8786 is an RCE vulnerability.)

~Abhishek



-----Original Message-----
From: Bernhard Miklautz <bernhard.mikla...@shacknet.at> 
Sent: Tuesday, May 21, 2019 12:26 AM
To: Abhishek Agarwal <abaga...@microsoft.com>
Cc: freerdp-devel@lists.sourceforge.net
Subject: Re: [FreeRDP-devel] Build from stable-1.1 branch

Hi,

On Mon, May 20, 2019 at 11:21:43PM +0000, Abhishek Agarwal via FreeRDP-devel wrote:
> We have merged PR to the stable-1.1 branch (Thanks admin, for taking a look).
> We want to use this build. I see there is a nightly build concept.
We only have nightly (integration) builds for the master branch.

> I have quick questions around it.
>   1.  Is stable-1.1 branch also onboarded to nightly builds?
nope. Sorry.

> I don't see any "packaging" dir there
>   1.  Is there a possibility to push out a new version to official Debian 
> Package. The change was a port of a known vulnerability. It will help 
> everyone.
As far as I know the issues are already fixed in the upstream Debian 1.1 
(freerdp-x11) package. I'd recommend you install the package and have a look 
at the Debian changelog `zless /usr/share/doc/freerdp-x11/changelog.Debian.gz`

You can find the package source on
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy


Best regards,
Bernhard


_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel


