Bug#859136: guacamole-client: CVE-2020-9497 and CVE-2020-9498
carnil at debian.org
Sat Oct 10 18:50:32 BST 2020
On Sat, Oct 10, 2020 at 02:51:40PM +0200, Markus Koschany wrote:
> Then I also looked into CVE-2016-1566. It appears to me the current
> version in stretch and unstable has already been fixed.
> is the fixing commit, then it is already included in version 0.9.9+dfsg-1
Prompted by your question I double-checked this. In fact the versions
released in Debian never contained the vulnerability, so marked it as
such, thanks for the note.
Reason: the earlier version did not contain the code, and the next one
uploaded to unstable was 0.9.9+dfsg-1 which contained the fully fixed
have released twice 0.9.9 (once broken and once fixed).
More information about the pkg-remote-team