oss-sec mailing list archives
CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 10 Jul 2013 09:10:45 -0400 (EDT)
Hello Kurt, Steve, vendors, (some time ago) FreeRDP upstream has released 1.1.0-beta1 version: [1] http://sourceforge.net/mailarchive/message.php?msg_id=30591956 correcting multiple security flaws: * library / client side fixes: https://github.com/FreeRDP/FreeRDP/pull/887 https://github.com/FreeRDP/FreeRDP/commit/0dc22d5a30a1c7d146b2a835b2032668127c33e9 https://github.com/FreeRDP/FreeRDP/commit/bceec083677a609ba2f06cc75924ab0accac5388 * server side fixes: https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7 https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53 CC-ed Marc-Andre, Bernhard and Martin of FreeRDP upstream to clarify if the above list of patches is complete wrt to security fixes, corrected within 1.0.1-beta1 version. Marc-Andre, Bernhard, Martin, please complete the set of security fixes if / where necessary. Kurt / Steve, could you allocate CVE ids for these? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team P.S.: Thanks goes to Florian Weimer of Red Hat Product Security Team for pointing these out.
Current thread:
- CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Jan Lieskovsky (Jul 10)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Bernhard Miklautz (Jul 12)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)