Hi Tim,

> Please denote whether the following vulnerabilities and exposures are
> resolved with the current cvs version (i.e. anything post v0.4.1)....
>
> .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5904
> CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
> buffer overflow

http://xrdp.cvs.sourceforge.net/viewvc/xrdp/xrdp/rdp/rdp_rdp.c?r1=1.9.2.1&r2=1.9.2.2
Fixed since 0.4.1.

> .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5903
> CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
> remote attackers can execute arbitrary code

This function is no longer in funcs.c. It was moved to xrdp_bitmap.c and
there are checks now for edit_pos boundaries.

>
> .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5902
> CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
> buffer overflow

http://xrdp.cvs.sourceforge.net/viewvc/xrdp/xrdp/xrdp/xrdp_bitmap.c?r1=1.43&r2=1.44
Fixed since 0.4.1.

Jay

_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel