GNU bug report logs - #27939
FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 3 Aug 2017 22:07:01 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Thomas Danckaert <post <at> thomasdanckaert.be>
To: mbakke <at> fastmail.com
Cc: 27939-done <at> debbugs.gnu.org, leo <at> famulari.name
Subject: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Fri, 04 Aug 2017 10:34:55 +0200 (CEST)

From: Marius Bakke <mbakke <at> fastmail.com>
Subject: Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 
CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Fri, 04 Aug 2017 01:22:01 +0200

> Leo Famulari <leo <at> famulari.name> writes:
>
>> The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
>> CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in 
>> the
>> FreeRDP Git repo:
>>
>> https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
>>
>> The most serious of these bugs allow the remote server (or any 
>> server in
>> between) to execute arbitrary code on your machine.
>
> Yikes! Thanks for the heads-up.
>
> I went ahead and updated to the 2.0.0 rc which contain this fix in
> c89091459f24dee4ba4959d65e38589efc1d8d9e.

Thanks!

Unfortunately, vinagre doesn't build against freerdp 2. I'll try to 
fix that, or otherwise try to backport the patches to freerdp 1.x.

Thomas
This bug report was last modified 7 years and 336 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.