Bug 20518

Summary: xrdp new security issue CVE-2017-6967
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: David Walser <luigiwalser>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: xrdp-0.9.1-1.mga6.src.rpm CVE: CVE-2017-6967
Status comment:

Description David Walser 2017-03-18 23:49:40 CET 
A security issue in xrdp has been announced on March 17:
http://openwall.com/lists/oss-security/2017/03/18/1

They link to a proposed fix, but it's not committed upstream and doesn't quite apply to the current version (the first two files' changes do, but the third doesn't).
Comment 1 Marja Van Waes 2017-03-19 17:24:05 CET 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => luigiwalser

Nicolas Lécureuil 2017-04-25 15:06:24 CEST

CC: (none) => mageia
CVE: (none) => CVE-2017-6967

Comment 2 Nicolas Lécureuil 2017-04-25 15:30:55 CEST 
fixed on cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2017-04-26 02:07:57 CEST 
Thanks.  It still needs to be resynced with Fedora too.