Xpra: Ticket #1217: security issues in rencode
Just reported two security issues in rencode:
For our use case, I believe this can just cause a server crash, I don't think we leak parsed data from packets back to the user - but maybe disconnection messages? (those would need to be trimmed)
Thu, 09 Jun 2016 05:03:48 GMT - Antoine Martin: status changed
- status
changed from new to assigned
The first bug is now fixed and version 1.0.5 will include it, the second one was already fixed in rencode 1.0.4. (my bad)
Until 1.0.5 is officially released (new blocker: https://github.com/aresch/rencode/archive/a5ab0fb6c3603d1e9c53e2cfc262b2288d2912d8.zip.
Tue, 12 Jul 2016 16:52:22 GMT - Antoine Martin: milestone changed
- milestone
changed from 0.18 to 1.0
Milestone renamed
Sat, 16 Jul 2016 19:31:57 GMT - Antoine Martin: owner, status changed
- owner
changed from Antoine Martin to Smo
- status
changed from assigned to new
This is all fixed in https://github.com/aresch/rencode/issues/10)
@smo: time to update.
Tue, 02 Aug 2016 10:06:15 GMT - Antoine Martin:
- r13120 updates the debian repos to use 1.0.5
- r13129 removes rencode from our source tree
Thu, 11 Aug 2016 16:37:15 GMT - Smo: status changed; resolution set
- status
changed from new to closed
- resolution
set to fixed
All updated.
Sat, 23 Jan 2021 05:18:10 GMT - migration script:
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1217