Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 10 Dec 2018 22:30:34 +0100
Message-id: <[🔎] 20181210213034.GB15274@pisco.westfalen.local>
In-reply-to: <[🔎] 20181210174451.Horde.B1NfVFfMb9XLz02NBYRJxA5@mail.das-netzwerkteam.de>
References: <[🔎] 20181210174451.Horde.B1NfVFfMb9XLz02NBYRJxA5@mail.das-netzwerkteam.de>

On Mon, Dec 10, 2018 at 05:44:51PM +0000, Mike Gabriel wrote:
> Hi,
> 
> I'd like to discuss the possible pathways for getting FreeRDP fixed in
> Debian jessie LTS (and Debian stretch, too).

debian-security@ldo is not the proper contact address, I've fixed
the recipient list.

> Last week I talked to Bernhard Miklautz (one of the FreeRDP upsteam
> maintainers and the actual packager of FreeRDPv2 in Debian).
> 
> 1. Looking at fixing FreeRDP v1.1 in jessie / stretch
> -----------------------------------------------------
> 
> He sketched up the following pathway for getting freerdp (v1.1) fixed in
> Debian jessie (and stretch):

What is the impact/scope of the individual issues? The individual commit
messages are quite scarce. Are these exploitable by the server or
a connecting client or vice versa?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

References:
- Addressing FreeRDP security issues in Debian jessie (and stretch)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Prev by Date: Addressing FreeRDP security issues in Debian jessie (and stretch)
Next by Date: LTS/ELTS Report for November 2018
Previous by thread: Addressing FreeRDP security issues in Debian jessie (and stretch)
Next by thread: Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
Index(es):
- Date
- Thread