Mike Gabriel pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d0f22b0f by Mike Gabriel at 2019-02-06T23:08:38Z
reserve DLA-1666-1 for freerdp
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Feb 2019] DLA-1666-1 freerdp - security update
+ {CVE-2018-8786 CVE-2018-8787 CVE-2018-8789}
+ [jessie] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3
[06 Feb 2019] DLA-1665-1 netmask - security update
[jessie] - netmask 2.3.12+deb8u1
[06 Feb 2019] DLA-1664-1 golang - security update
=====================================
data/dla-needed.txt
=====================================
@@ -35,31 +35,6 @@ faad2 (Hugo Lefeuvre)
firmware-nonfree
NOTE: needed by sponsors
--
-freerdp (Mike Gabriel)
- NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
- NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I
will ask upstream
- NOTE: 20181203: about possibility of paid patch backporting. FreeRDP is a
fast moving target
- NOTE: 20181203: and most patches don't apply anymore. Furthermore, FreeRDP
v1.1 does not work
- NOTE: 20181203: with recent Windows RDP servers anymore (proto / crypto
changes on the Microsoft
- NOTE: 20181203: side). Other option: backport FreeRDPv2 to jessie (and
stretch first).
- NOTE: 20181205: Phone call with Bernhard Miklautz (FreeRDP upstream). It is
possible to get FreeRDP
- NOTE: 20181205: v1.1 functional again. He will go over the required patches
and we aim at
- NOTE: 20181205: updating the github.com/FreeRDP/FreeRDP 1.1 branch that
contains all the
- NOTE: 20181205: patches needed for producing a secured and functional
stretch-security and jessie-security
- NOTE: 20181205: upload package.
- NOTE: 20181213: Ubuntu developer Alex Murray backported all open CVE fixes.
- NOTE: 20181213:
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/commit/aadb4fa248f1f9dcdd9dec7dce7515f054232f2d
- NOTE: 20181213: W-I-P: backporting
https://github.com/FreeRDP/FreeRDP/pull/4499 (and at least two other commits)
- NOTE: 20181220: Current work status for a stretch-pu (jessie-lts will be +/-
the same version) pushed to:
- NOTE: 20181220:
https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/tree/debian/stretch/updates/debian
- NOTE: 20181220: Problematic is the usage of WinPR_Digest_*() functions.
Feedback request to upstream on how to proceed
- NOTE: 20181220: pending...
- NOTE: 20181220: stretch-pu pre-approval:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916912
- NOTE: 20181221: Bernhard Miklautz has worked on replacing the above
mentioned WinPR_Digest_*() calls by direct OpenSSL
- NOTE: 20181221: calls. Code status: it builds. Work on this will be
continued in January.
- NOTE: 20190111: Status update: https://sunweavers.net/blog/node/81
- NOTE: 20190131: We've got feedback from the stable release team:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916912#15
---
ghostscript (Emilio)
--
gnutls28
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0f22b0fb43a14f477a87bdd73bb10eeb97871cf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0f22b0fb43a14f477a87bdd73bb10eeb97871cf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
