Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Jul 2013 12:48:19 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Marc-André Moreau <marcandre.moreau@...il.com>,
        Bernhard Miklautz <bmiklautz@...nstuff.at>,
        Martin Fleisz <mfleisz@...nstuff.at>
Subject: Re: CVE Request -- FreeRDP: Multiple security fixes
 in 1.1.0-beta1 version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/10/2013 07:10 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> (some time ago) FreeRDP upstream has released 1.1.0-beta1 version: 
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=30591956
> 
> correcting multiple security flaws: * library / client side fixes: 
> https://github.com/FreeRDP/FreeRDP/pull/887

Can someone from upstream confirm if these are hardening or a security
fix?

> https://github.com/FreeRDP/FreeRDP/commit/0dc22d5a30a1c7d146b2a835b2032668127c33e9

Can
> 
someone from upstream confirm if these are hardening or a security
fix?

> https://github.com/FreeRDP/FreeRDP/commit/bceec083677a609ba2f06cc75924ab0accac5388

Can
> 
someone from upstream confirm if these are hardening or a security
fix?

> * server side fixes: 
> https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7

Please
> 
use CVE-2013-4118 for this issue.

> https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53

Please
> 
use CVE-2013-4119 for this issue.


> CC-ed Marc-Andre, Bernhard and Martin of FreeRDP upstream to
> clarify if the above list of patches is complete wrt to security
> fixes, corrected within 1.0.1-beta1 version. Marc-Andre, Bernhard,
> Martin, please complete the set of security fixes if / where
> necessary.
> 
> Kurt / Steve, could you allocate CVE ids for these?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
> 
> P.S.: Thanks goes to Florian Weimer of Red Hat Product Security
> Team for pointing these out.
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR3v3zAAoJEBYNRVNeJnmTVfwQAL68o31SjenHZ6/4w8cfLhaO
JeD1V6vaSj8WZdWXLivMo99naYhEd185EMzGZPXapGWkZ1viVoL/q9lWFT6UHRfE
hhwmmhbRoBv0zeCrwQe+puNWV5WyVpy6dEczJh/sDacMLNPBlW35EnBtckV7tZSw
xLHK/SqOEjcbq5xCtXWIYKgHBLN3PWIuEhmghPCcshg7v/K1QmtlpQzdQyv5Gw5P
xVvTjHM3aUJJBztR4OGQRybsL5CH61GiDUYGbFd2Uo5IWDjq8pMp0JddNgjocw9m
x2wzwQual+zNjHhx+8oiJm9xCN21MnGNO1d14yPxVdibNKHSMzBI6i7xxOkeRb3x
Mc/uJt3Vq3VeuTlmv3oO0Nr0UGWk/1AK0T1+CjqZpIbI4UKdiRhliI8QMjEFbSQZ
c05iOou7aTOEZtHjxEkG47zLSx1/80u+ctK2tsVqb5RlfgX2w/fAUXnRrW0rvF8N
Kq9mUJy7iS24v/rS5p3IxLJ2qGeKW+LqZTdXv1RIlu4Rno8dPbaG+zvpS5eWOSoA
rYBljsKcWURUuJ6dLLH42yQoSRWe6XdZXhzJpyIJtadXbNWWRJS2nKEA4BJ8mjod
8rwi3V4EEeHwUDXVPMm+1AgDQD6PJeH2t4K/gh5My5Rr6L8oKqqGTQsHG0HxqA0O
CZV6W6lhLF0rZKu3TfvZ
=hL5K
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.