GNU bug report logs - #27939
FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839


Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 3 Aug 2017 22:07:01 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#27939: closed (FreeRDP CVE-2017-2834 CVE-2017-2835
 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839)
Date: Thu, 03 Aug 2017 23:23:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Fri, 04 Aug 2017 01:22:01 +0200
with message-id <87tw1outie.fsf <at> fastmail.com>
and subject line Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
has caused the debbugs.gnu.org bug report #27939,
regarding FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
27939: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27939
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Cc: Thomas Danckaert <thomas.danckaert <at> gmail.com>
Subject: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837
 CVE-2017-2838 CVE-2017-2839
Date: Thu, 3 Aug 2017 18:05:29 -0400
[Message part 3 (text/plain, inline)]
The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
FreeRDP Git repo:

https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c

The most serious of these bugs allow the remote server (or any server in
between) to execute arbitrary code on your machine.

However, these changes do not apply cleanly to our version of FreeRDP. I
don't have to port these changes back right now.
[Message part 5 (message/rfc822, inline)]
From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>, 27939-done <at> debbugs.gnu.org
Cc: Thomas Danckaert <thomas.danckaert <at> gmail.com>
Subject: Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835
 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Fri, 04 Aug 2017 01:22:01 +0200
[Message part 6 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:

> The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
> CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
> FreeRDP Git repo:
>
> https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
>
> The most serious of these bugs allow the remote server (or any server in
> between) to execute arbitrary code on your machine.

Yikes! Thanks for the heads-up.

I went ahead and updated to the 2.0.0 rc, which contains this fix in
c89091459f24dee4ba4959d65e38589efc1d8d9e.

This bug report was last modified 7 years and 336 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.