From: Leo Famulari <leo@famulari.name>
Subject: Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 
CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Fri, 4 Aug 2017 10:56:15 -0400

> On Fri, Aug 04, 2017 at 10:34:55AM +0200, Thomas Danckaert wrote:
>> Unfortunately, vinagre doesn't build against freerdp 2. I'll try 
>> to fix
>> that, or otherwise try to backport the patches to freerdp 1.x.
>
> I think it should not be too hard to backport the patches if that's 
> what
> we need to do, but I don't have the time this week.

I tried applying the patch for 
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c 
to freerdp@1.2.0-beta1+android9, fixed the conflicts, and came up 
with the attached patch.  I can confirm freerdp1.2beta with this 
patch compiles and runs, but cannot guarantee this fixes all those 
issues, because I'm totally unfamiliar with the code (and with rdp) 
... is this enough to create a freerdp-1.2 package?

The alternative is to downgrade to freerdp@1.1, or to disable rdp 
from vinagre.  When I first submitted these packages, I ran into 
trouble trying to build freerdp@1.1, but I don't remember exactly 
what the problem was :).

Thomas