On Tue, Jun 18, 2019 at 06:19:33PM +0200, László Böszörményi (GCS) wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Hi Release Team, > > There's several security issues fixed with rdesktop 1.8.6 and while it
> has some regressions, I've backported the needed fixes for the -2 > package version. > As upstream notes: "This is a security release to address various > buffer overflow and overrun issues in the rdesktop protocol handling. > rdesktop will now detect any attempts to access invalid areas and > refuse to continue. Users are adviced to upgrade as soon as possible." > > The debdiff is a bit large, but hopefully can be accepted for Buster. JFTR, we'll likely also rebase stretch to that version (we did similarly for 1.8.4 in a previous DSA). Cheers, Moritz