I suspect freerdp2 was derailed in politics much like the stalls and eventual 
removal of a package for guacamole-server. What is currently deployed in Ubuntu 
focal is a alpha development snapshot of freerdp2 2.0.0 which is buggy to the 
point of being unusable for Apache guacamole and has significant security 
holes. There are 14 CVEs currently listed as fixed in freerdp 2.1.0.
The advisories, which are a recent additional reflective of the maturity of the 
product, can be found here: 
https://github.com/FreeRDP/FreeRDP/security/advisories

It's hard to get an exact number on security issues between that
development snapshot and the stable release but freerdp went through a
lot of development before the recent stable releases appeared. Hundreds
to thousands of issues fixed and some of them will have had security
impact.

An alpha development snapshot may been needed temporarily in an LTS
release but it should be replaced with something stable once it is
available.

I have no interest in the politics and have not managed to navigate the 
bureaucracy needed to contribute packages to Debian and Ubuntu. I am trying to 
see if I can leverage the freerdp2 daily builds to build a stable package for 
freerdp 2.1.1 which is the current stable release.
I'm also trying to see if I can take the 0.9.9 Debian package of Apache 
Guacamole and rebuild it around 1.1.0 and eventually 1.2.0 as that release is 
what will be stable on 20.04.
If someone can help grease inclusion of the resulting packages that would be 
appreciated.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to freerdp2 in Ubuntu.
https://bugs.launchpad.net/bugs/1873514

Title:
  Ubuntu uses insecure FreeRDP version

Status in freerdp2 package in Ubuntu:
  Confirmed

Bug description:
  FreeRDP has been released some days ago and fixes several security issues as 
can be seen at https://github.com/FreeRDP/FreeRDP/blob/2.0.0/ChangeLog.
  However Ubuntu and in particular 20.04 does not yet provide the released 
version but uses an outdated version.
  Please upgrade to the released version of FreeRDP before releasing 20.04.
  Thanks, Joachim

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freerdp2/+bug/1873514/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to