Bug#930687: unblock: rdesktop/1.8.6-2

To: László Böszörményi (GCS) <gcs@debian.org>
Cc: 930687@bugs.debian.org
Subject: Bug#930687: unblock: rdesktop/1.8.6-2
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 21 Jun 2019 19:22:45 +0200
Message-id: <[🔎] 20190621172245.GA16914@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 930687@bugs.debian.org
In-reply-to: <[🔎] CAKjSHr3=mnh337f+FWg-1ao7V6oAdoic3KTDh+Pq+8FV+UT8Zg@mail.gmail.com>
References: <[🔎] CAKjSHr3=mnh337f+FWg-1ao7V6oAdoic3KTDh+Pq+8FV+UT8Zg@mail.gmail.com> <[🔎] CAKjSHr3=mnh337f+FWg-1ao7V6oAdoic3KTDh+Pq+8FV+UT8Zg@mail.gmail.com>

On Tue, Jun 18, 2019 at 06:19:33PM +0200, László Böszörményi (GCS) wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi Release Team,
> 
> There's several security issues fixed with rdesktop 1.8.6 and while it

> has some regressions, I've backported the needed fixes for the -2
> package version.
> As upstream notes: "This is a security release to address various
> buffer overflow and overrun issues in the rdesktop protocol handling.
> rdesktop will now detect any attempts to access invalid areas and
> refuse to continue. Users are adviced to upgrade as soon as possible."
> 
> The debdiff is a bit large, but hopefully can be accepted for Buster.

JFTR, we'll likely also rebase stretch to that version (we did similarly
for 1.8.4 in a previous DSA).

Cheers,
        Moritz

Reply to:

References:
- Bug#930687: unblock: rdesktop/1.8.6-2
  - From: László Böszörményi (GCS) <gcs@debian.org>

Prev by Date: Bug#930867: unblock: libvirt/5.0.0-4
Next by Date: Bug#930687: unblock: rdesktop/1.8.6-2
Previous by thread: Bug#930687: unblock: rdesktop/1.8.6-2
Next by thread: Bug#930687: unblock: rdesktop/1.8.6-2
Index(es):
- Date
- Thread