emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#27939: closed (FreeRDP CVE-2017-2834 CVE-2017-2835


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#27939: closed (FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839)
Date: Thu, 03 Aug 2017 23:23:02 +0000

Your message dated Fri, 04 Aug 2017 01:22:01 +0200
with message-id <address@hidden>
and subject line Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 
CVE-2017-2836       CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
has caused the debbugs.gnu.org bug report #27939,
regarding FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 
CVE-2017-2838 CVE-2017-2839
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
27939: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27939
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 Date: Thu, 3 Aug 2017 18:05:29 -0400 User-agent: Mutt/1.8.3 (2017-05-23)
The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
FreeRDP Git repo:

https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c

The most serious of these bugs allow the remote server (or any server in
between) to execute arbitrary code on your machine.

However, these changes do not apply cleanly to our version of FreeRDP. I
don't have to port these changes back right now.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- Subject: Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 Date: Fri, 04 Aug 2017 01:22:01 +0200 User-agent: Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu)
Leo Famulari <address@hidden> writes:

> The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
> CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the
> FreeRDP Git repo:
>
> https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
>
> The most serious of these bugs allow the remote server (or any server in
> between) to execute arbitrary code on your machine.

Yikes! Thanks for the heads-up.

I went ahead and updated to the 2.0.0 rc which contain this fix in
c89091459f24dee4ba4959d65e38589efc1d8d9e.

Attachment: signature.asc
Description: PGP signature


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]