[Git][security-tracker-team/security-tracker][master] reserve DLA-1666-1 for freerdp
Mike Gabriel
sunweaver at debian.org
Wed Feb 6 23:08:53 GMT 2019
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0f22b0f by Mike Gabriel at 2019-02-06T23:08:38Z
reserve DLA-1666-1 for freerdp
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Feb 2019] DLA-1666-1 freerdp - security update
+ {CVE-2018-8786 CVE-2018-8787 CVE-2018-8789}
+ [jessie] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3
[06 Feb 2019] DLA-1665-1 netmask - security update
[jessie] - netmask 2.3.12+deb8u1
[06 Feb 2019] DLA-1664-1 golang - security update
=====================================
data/dla-needed.txt
=====================================
@@ -35,31 +35,6 @@ faad2 (Hugo Lefeuvre)
firmware-nonfree
NOTE: needed by sponsors
--
-freerdp (Mike Gabriel)
- NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
- NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream
- NOTE: 20181203: about possibility of paid patch backporting. FreeRDP is a fast moving target
- NOTE: 20181203: and most patches don't apply anymore. Furthermore, FreeRDP v1.1 does not work
- NOTE: 20181203: with recent Windows RDP servers anymore (proto / crypto changes on the Microsoft
- NOTE: 20181203: side). Other option: backport FreeRDPv2 to jessie (and stretch first).
- NOTE: 20181205: Phone call with Bernhard Miklautz (FreeRDP upstream). It is possible to get FreeRDP
- NOTE: 20181205: v1.1 functional again. He will go over the required patches and we aim at
- NOTE: 20181205: updating the github.com/FreeRDP/FreeRDP 1.1 branch that contains all the
- NOTE: 20181205: patches needed for producing a secured and functional stretch-security and jessie-security
- NOTE: 20181205: upload package.
- NOTE: 20181213: Ubuntu developer Alex Murray backported all open CVE fixes.
- NOTE: 20181213: https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/commit/aadb4fa248f1f9dcdd9dec7dce7515f054232f2d
- NOTE: 20181213: W-I-P: backporting https://github.com/FreeRDP/FreeRDP/pull/4499 (and at least two other commits)
- NOTE: 20181220: Current work status for a stretch-pu (jessie-lts will be +/- the same version) pushed to:
- NOTE: 20181220: https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/tree/debian/stretch/updates/debian
- NOTE: 20181220: Problematic is the usage of WinPR_Digest_*() functions. Feedback request to upstream on how to proceed
- NOTE: 20181220: pending...
- NOTE: 20181220: stretch-pu pre-approval: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916912
- NOTE: 20181221: Bernhard Miklautz has worked on replacing the above mentioned WinPR_Digest_*() calls by direct OpenSSL
- NOTE: 20181221: calls. Code status: it builds. Work on this will be continued in January.
- NOTE: 20190111: Status update: https://sunweavers.net/blog/node/81
- NOTE: 20190131: We've got feedback from the stable release team: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916912#15
---
ghostscript (Emilio)
--
gnutls28
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0f22b0fb43a14f477a87bdd73bb10eeb97871cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0f22b0fb43a14f477a87bdd73bb10eeb97871cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190206/e595d6cf/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list