oss-sec mailing list archives
Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 11 Jul 2013 12:48:19 -0600
On 07/10/2013 07:10 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> (some time ago) FreeRDP upstream has released 1.1.0-beta1 version:
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=30591956
>
> correcting multiple security flaws:
>
> * library / client side fixes:
> https://github.com/FreeRDP/FreeRDP/pull/887

Can someone from upstream confirm if these are hardening or a security fix?

> https://github.com/FreeRDP/FreeRDP/commit/0dc22d5a30a1c7d146b2a835b2032668127c33e9

Can someone from upstream confirm if these are hardening or a security fix?

> https://github.com/FreeRDP/FreeRDP/commit/bceec083677a609ba2f06cc75924ab0accac5388

Can someone from upstream confirm if these are hardening or a security fix?

> * server side fixes:
> https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7

Please use CVE-2013-4118 for this issue.

> https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53

Please use CVE-2013-4119 for this issue.

> CC-ed Marc-Andre, Bernhard and Martin of FreeRDP upstream to clarify
> if the above list of patches is complete wrt to security fixes,
> corrected within 1.0.1-beta1 version.
>
> Marc-Andre, Bernhard, Martin, please complete the set of security
> fixes if / where necessary.
>
> Kurt / Steve, could you allocate CVE ids for these?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> P.S.: Thanks goes to Florian Weimer of Red Hat Product Security Team
> for pointing these out.
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Jan Lieskovsky (Jul 10)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Bernhard Miklautz (Jul 12)