Just reported two security issues in rencode:
For our use case, I believe this can just cause a server crash, I don't think we leak parsed data from packets back to the user - but maybe disconnection messages? (those would need to be trimmed)
The first bug is now fixed and version 1.0.5 will include it, the second one was already fixed in rencode 1.0.4. (my bad)
Until 1.0.5 is officially released (new blocker: https://github.com/aresch/rencode/archive/a5ab0fb6c3603d1e9c53e2cfc262b2288d2912d8.zip.
This is all fixed in https://github.com/aresch/rencode/issues/10)
@smo: time to update.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1217