Fedora has issued an advisory on March 2: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/224N7GISQTWD7COYGTR35MACQJ7NUGJD/ In: https://bugs.mageia.org/show_bug.cgi?id=24074#c12 I thought we already fixed it in the last update, but Fedora says they needed a post-rc4 update to fix it, so maybe I was wrong.
CC: (none) => geiger.david68210Whiteboard: (none) => MGA6TOO
That I see is that the commit https://github.com/FreeRDP/FreeRDP/commit/205c612820dac644d665b5bb1cdf437dc5ca01e3 fixes this CVE-2018-1000852 and this fix is already included in freerdp-2.0.0-rc4 https://nvd.nist.gov/vuln/detail/CVE-2018-1000852
Yeah that's what I thought, and I had probably even checked that the first time I looked at it. I don't understand this: https://src.fedoraproject.org/cgit/rpms/freerdp.git/commit/?id=ff3abd148b05ea0e2a12ef41e7d4b96c7836f506
I don't understand too! it is unneeded to update to latest git snapshot and maybe a rc5 will come soon as there is a bunch of commits.
OK, I'll close this bug, but maybe when rc5 comes out we can push it as a bugfix update.
Resolution: (none) => INVALIDStatus: NEW => RESOLVED
(In reply to David Walser from comment #4) > OK, I'll close this bug, but maybe when rc5 comes out we can push it as a > bugfix update. yes absolutely!