From mboxrd@z Thu Jan 1 00:00:00 1970
From: Leo Famulari
Subject: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Thu, 3 Aug 2017 18:05:29 -0400
Message-ID: <20170803220529.GA19067@jasmine.lan>
List-Id: Bug reports for GNU Guix
To: 27939@debbugs.gnu.org
Cc: Thomas Danckaert

The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the FreeRDP Git repo:

https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c

The most serious of these bugs allow the remote server (or any server in between) to execute arbitrary code on your machine.

However, these changes do not apply cleanly to our version of FreeRDP. I don't have to port these changes back right now.