Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1
Control: tag -1 confirmed
On Fri, Dec 15, 2017 at 19:41:29 +0100, Dominik George wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Hi,
>
> I'd like to update xrdp in stretch for two important bugs:
>
> 1. #882463, CVE-2017-16927: Local DoS
> Security team says it's not critical enough for stretch-security and I should instead
> target stretch-pu (although I disagree).
>
> 2. #884453, High CPU load in ssl_tls_accept
> Remote users could use up quite a lot or all system resources by keeping TLS contexts
> in a certain state.
>
Looks ok, please go ahead.
Cheers,
Julien
Reply to: