[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1

Hi Dominik,

On Sat, Jan 13, 2018 at 06:26:28PM +0100, Julien Cristau wrote:
> Control: tag -1 confirmed
> 
> On Fri, Dec 15, 2017 at 19:41:29 +0100, Dominik George wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > I'd like to update xrdp in stretch for two important bugs:
> > 
> >  1. #882463, CVE-2017-16927: Local DoS
> >     Security team says it's not critical enough for stretch-security and I should instead
> >     target stretch-pu (although I disagree).
> > 
> >  2. #884453, High CPU load in ssl_tls_accept
> >     Remote users could use up quite a lot or all system resources by keeping TLS contexts
> >     in a certain state.
> > 
> Looks ok, please go ahead.

Above Julien confirmed to upload. Would be good to see the fix landing
in the next stretch point release, can you upload, or were there any
problems with the fix?

Regards,
Salvatore
Reply to: