@bernhard.mikla...@shacknet.at: Can you please help us around here? It will really help if we can release a new version of 1.1 to Debian mirrors.
~Abhishek

-----Original Message-----
From: Abhishek Agarwal via FreeRDP-devel <freerdp-devel@lists.sourceforge.net>
Sent: Tuesday, May 21, 2019 10:43 AM
To: bernhard.mikla...@shacknet.at
Cc: freerdp-devel@lists.sourceforge.net
Subject: Re: [FreeRDP-devel] Build from stable-1.1 branch

Hi Bernhard,

Thanks for responding. I took a look at the changelog.

    abagarwa@abagarwa-Virtual-Machine:~$ zless /usr/share/doc/freerdp-x11/changelog.Debian.gz | grep CVE
    - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. (CVE-2014-0791)
    + Add fix for CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839. (Closes: #869880).
    - debian/patches/CVE-2014-0791.patch: check length in
    - CVE-2014-0791
    - debian/patches/CVE-2017-283x.patch: fix issues in
    - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839'

I don't see any patch for c. Also looking at the package source. I still see the vulnerability there.
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/master/libfreerdp/core/update.c

I have ported the change from master to stable-1.1 branch. The changes are already part of the branch.

Can we release a new package for 1.1 (I understand that might be a tall ask, but CVE-2018-8786 is an RCE vulnerability)

~Abhishek

-----Original Message-----
From: Bernhard Miklautz <bernhard.mikla...@shacknet.at>
Sent: Tuesday, May 21, 2019 12:26 AM
To: Abhishek Agarwal <abaga...@microsoft.com>
Cc: freerdp-devel@lists.sourceforge.net
Subject: Re: [FreeRDP-devel] Build from stable-1.1 branch

Hi,

On Mon, May 20, 2019 at 11:21:43PM +0000, Abhishek Agarwal via FreeRDP-devel wrote:
> We have merged PR to the stable-1.1 branch (Thanks admin, for taking a look).
> We want to use this build. I see there is a nightly build concept.

We do only have nightly (integration) builds for the master branch.

> I have quick questions around it.
> 1. Is stable-1.1 branch also onboarded to nightly builds?

Nope. Sorry.

> I don't see any "packaging" dir there
> 1. Is there a possibility to push out a new version to official Debian
> Package. The change was a port of a known vulnerability. It will help
> everyone.

As far as I know the issues are already fixed in the upstream Debian 1.1 (freerdp-x11) package.

I'd recommend you install the package and have a look at the Debian changelog
`zless /usr/share/doc/freerdp-x11/changelog.Debian.gz`

You can find the package source on
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy

Best regards,
Bernhard

_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel