Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
On Tue, Dec 11, 2018 at 04:42:17PM +0000, Mike Gabriel wrote:
> From my understanding the potential remote code executions that are
> mentioned in the CVE descriptions are triggered by a malign server and the
> code executions then happen on the client side.

Thanks for the background.

Security issues only triggerable by a malicious RDP server are
low impact; a malicious RDP server can mess with you in so many
ways that client-side execution doesn't make a big difference.

This is certainly not something that would warrant an upgrade to
freerdp2 in a stable release, but if patches for 1.1 materialise
they could be shipped via a point update.