Bug#930687: unblock: rdesktop/1.8.6-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#930687: unblock: rdesktop/1.8.6-2
From: László Böszörményi (GCS) <gcs@debian.org>
Date: Tue, 18 Jun 2019 18:19:33 +0200
Message-id: <[🔎] CAKjSHr3=mnh337f+FWg-1ao7V6oAdoic3KTDh+Pq+8FV+UT8Zg@mail.gmail.com>
Reply-to: László Böszörményi (GCS) <gcs@debian.org>, 930687@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

There's several security issues fixed with rdesktop 1.8.6 and while it
has some regressions, I've backported the needed fixes for the -2
package version.
As upstream notes: "This is a security release to address various
buffer overflow and overrun issues in the rdesktop protocol handling.
rdesktop will now detect any attempts to access invalid areas and
refuse to continue. Users are adviced to upgrade as soon as possible."

The debdiff is a bit large, but hopefully can be accepted for Buster.

Thanks for consideration,
Laszlo/GCS

Attachment: rdesktop_1.8.4-1_to_1.8.6-2.patch.gz
Description: application/gzip

Reply to:

Follow-Ups:
- Bug#930687: unblock: rdesktop/1.8.6-2
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Bug#930687: unblock: rdesktop/1.8.6-2
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Bug#930686: unblock: krb5/1.17-3
Next by Date: Bug#928227: unblock: golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3
Previous by thread: Bug#930686: marked as done (unblock: krb5/1.17-3)
Next by thread: Bug#930687: unblock: rdesktop/1.8.6-2
Index(es):
- Date
- Thread