FS#38802 - [freerdp] security patch for CVE-2014-0791

Attached to Project: Community Packages
Opened by RbN (RbN) - Wednesday, 05 February 2014, 15:32 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 13 April 2014, 09:24 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej), Felix Yan (felixonmars)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
"integer overflow in heap allocation in license_read_scope_list()"

RedHat bug entry [0]

Resolution:
patch [1]

Resources:
[0] https://bugzilla.redhat.com/show_bug.cgi?id=998941
[1] https://bugzilla.redhat.com/attachment.cgi?id=844423

Closed by Felix Yan (felixonmars)
Sunday, 13 April 2014, 09:24 GMT
Reason for closing: Implemented
Additional comments about closing: 1.0.2-5
Comment by Daniel Micay (thestinger) - Tuesday, 08 April 2014, 19:16 GMT
Upgrading this to critical, because heap overflow vulnerabilities are not theoretical exploit vectors. Rather than porting a fix to the old version, it might make more sense to simply follow master because the project does not seem to have a sane release policy.
Comment by Felix Yan (felixonmars) - Wednesday, 09 April 2014, 11:44 GMT
Bumped a patched version to [community-testing], please test if it has any side effect, thanks.
