Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#38802 - [freerdp] security patch for CVE-2014-0791
Attached to Project: Community Packages
Opened by RbN (RbN) - Wednesday, 05 February 2014, 15:32 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 13 April 2014, 09:24 GMT
Details
Description:
"integer overflow in heap allocation in license_read_scope_list()"
RedHat bug entry [0]
Resolution: patch [1]
Resources:
[0] https://bugzilla.redhat.com/show_bug.cgi?id=998941
[1] https://bugzilla.redhat.com/attachment.cgi?id=844423
Closed by Felix Yan (felixonmars)
Sunday, 13 April 2014, 09:24 GMT
Reason for closing: Implemented
Additional comments about closing: 1.0.2-5
Comment by Daniel Micay (thestinger) - Tuesday, 08 April 2014, 19:16 GMT
Upgrading this to critical, because heap overflow vulnerabilities are not theoretical exploit vectors. Rather than porting a fix to the old version, it might make more sense to simply follow master because the project does not seem to have a sane release policy.
Comment by Felix Yan (felixonmars) - Wednesday, 09 April 2014, 11:44 GMT
Bumped a patched version to [community-testing], please test if it has any side effect, thanks.