On Tue, Jun 11, 2019 at 09:22:30PM +0200, Salvatore Bonaccorso wrote: > Source: rdesktop > Version: 1.8.4-1 > Severity: grave > Tags: security upstream fixed-upstream > Justification: user security hole > Control: fixed -1 1.8.6-1 > > Hi > > 1.8.6-1 mentions a new upstream release with many security fixes, but > none of those apparently have (yet) a CVE. Filling this bug for having > an unique identifier for the tracker in meanwhile. > > Reference: > https://tracker.debian.org/news/1041036/accepted-rdesktop-186-1-source-into-unstable/
AFAICS there is not clear information on which issues are fixed exactly, https://groups.google.com/forum/#!topic/rdesktop-announce/czgpKDfm2D0 is a bit scarce on information. Probably if we are going to release a stretch-security update it might be worth doing an import of 1.8.6 for the security update itself and moving from 1.8.4-1~deb9u1 to the new upstream version. Regards, Salvatore
