Date: Fri, 17 Mar 2017 18:12:02 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: CVE-2017-6967 xrdp PAM auth_start_session() Hello, CVE-2017-6967 has been assigned to xrdp for an incorrect placement of auth_start_session(). Full details are at: https://github.com/neutrinolabs/xrdp/issues/350 https://github.com/neutrinolabs/xrdp/pull/694 https://github.com/neutrinolabs/xrdp/pull/695 https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742 I believe this is the change upstream has chosen to use: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f Thanks [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ