Hi Adam, On Mo 01 Jun 2020 13:29:23 CEST, Adam D. Barratt wrote:
On Mon, 2020-06-01 at 13:20 +0200, Mike Gabriel wrote:I just uploaded this update of freerdp2 to Debian buster. Thanks to Bernhard Miklautz, we have several security patches available: + [ Bernhard Miklautz ] + * debian/patches - security releated backports from upstream + * Add 0003-Fixed-6007-Boundary-checks-in- rdp_read_flow_control.patch + * Add 0004-Fixed-6009-Bounds-checks-in- autodetect_recv_bandwidt.patchNot every bug necessarily has to be fixed in stable... For clarity, all of these are resolved in unstable already? Regards, Adam
another option other than a little cherry-picking hell could be bumping buster's version to 2.1.1+dfsg-1, too. Similar to what people did in Ubuntu...
https://usn.ubuntu.com/4379-1/ Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
pgpsL6PQzYBxc.pgp
Description: Digitale PGP-Signatur