[Git][security-tracker-team/security-tracker][master] Correct note about guacamole-client in dla-needed.txt.

Sat Oct 10 17:31:04 BST 2020


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a98adf9a by Markus Koschany at 2020-10-10T18:30:29+02:00
Correct note about guacamole-client in dla-needed.txt.

Bug is in guacamole-server and Debian actually ships it.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -76,12 +76,10 @@ golang-1.8
 --
 golang-golang-x-net-dev
 --
-guacamole-client (Markus Koschany)
-  NOTE: 20201010: Open CVE do not affect the client. Reported my findings to
-  NOTE: the maintainers and the security team. Waiting for feedback. I am
-  NOTE: inclined to mark the package as EOL anyway because the client is
-  NOTE: incompatible with the secure 1.2.0 server version and due to the lack of
-  NOTE: maintainance in Debian.
+guacamole-server (Markus Koschany)
+  NOTE: 20201010: Reported my findings to the maintainers and the
+  NOTE: security team. Waiting for feedback. CVE is in guacamole-server not in
+  NOTE: guacamole-client. Backporting the upstream patch seems viable.
 --
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a98adf9a15630dd967b99fff0b433eced8e9cd6a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a98adf9a15630dd967b99fff0b433eced8e9cd6a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201010/a4e1193b/attachment.html>
