--- Begin Message ---
Subject: |
FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 |
Date: |
Thu, 3 Aug 2017 18:05:29 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
FreeRDP Git repo:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
The most serious of these bugs allow the remote server (or any server in
between) to execute arbitrary code on your machine.
However, these changes do not apply cleanly to our version of FreeRDP. I
don't have to port these changes back right now.
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 |
Date: |
Fri, 04 Aug 2017 01:22:01 +0200 |
User-agent: |
Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) |
Leo Famulari <address@hidden> writes:
> The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
> CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
> FreeRDP Git repo:
>
> https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
>
> The most serious of these bugs allow the remote server (or any server in
> between) to execute arbitrary code on your machine.
Yikes! Thanks for the heads-up.
I went ahead and updated to the 2.0.0 rc which contain this fix in
c89091459f24dee4ba4959d65e38589efc1d8d9e.
signature.asc
Description: PGP signature
--- End Message ---