Bug#964195: guacamole-client: CVE-2020-9497 and CVE-2020-9498

2020-11-06 Thread Markus Koschany
Control: tags -1 patch Hi, I'm attaching my patch for Stretch to this bug report. Since the versions in Stretch and unstable are identical, it should work there too. However, I don't intend to NMU guacamole-server because I believe a new upstream version should be packaged instead.

Processed: Re: Bug#964195: guacamole-client: CVE-2020-9497 and CVE-2020-9498

2020-11-06 Thread Debian Bug Tracking System
Processing control commands: > tags -1 patch Bug #964195 [src:guacamole-server] CVE-2020-9497 CVE-2020-9498 Added tag(s) patch. -- 964195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964195 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#964195: guacamole-client: CVE-2020-9497 and CVE-2020-9498

2020-10-10 Thread Salvatore Bonaccorso
Hi, On Sat, Oct 10, 2020 at 06:28:39PM +0200, Markus Koschany wrote: > I somehow missed the guacamole-server package in Debian. Right, I reassigned the bug to guacamole-server earlier today and adjusted the tracking in the security-tracker. Thanks for investigating. > Currently I > believe

Bug#964195: guacamole-client: CVE-2020-9497 and CVE-2020-9498

2020-10-10 Thread Markus Koschany
I somehow missed the guacamole-server package in Debian. Currently I believe it is possible to backport the patch from 1.2.0 to 0.9.9. However, there is still the problem with freerdp2 (#888321); most likely a new upstream version for unstable/testing is required anyway. Markus

Bug#964195: guacamole-client: CVE-2020-9497 and CVE-2020-9498

2020-10-10 Thread Markus Koschany
Hi, I am currently investigating the security vulnerabilities in guacamole-client. I believe the reported CVE-2020-9497 and CVE-2020-9498 issues only affect the server part of guacamole but this one has not been packaged yet. The security researchers who reported the vulnerabilities have