Xpra: Ticket #1217: security issues in rencode

Just reported two security issues in rencode:

For our use case, I believe this can just cause a server crash; I don't think we leak parsed data from packets back to the user, but maybe disconnection messages? (Those would need to be trimmed.)



Thu, 09 Jun 2016 05:03:48 GMT - Antoine Martin: status changed

The first bug is now fixed and version 1.0.5 will include it; the second one was already fixed in rencode 1.0.4 (my bad).

Until 1.0.5 is officially released (new blocker: https://github.com/aresch/rencode/archive/a5ab0fb6c3603d1e9c53e2cfc262b2288d2912d8.zip.


Tue, 12 Jul 2016 16:52:22 GMT - Antoine Martin: milestone changed

Milestone renamed


Sat, 16 Jul 2016 19:31:57 GMT - Antoine Martin: owner, status changed

This is all fixed in https://github.com/aresch/rencode/issues/10)

@smo: time to update.


Tue, 02 Aug 2016 10:06:15 GMT - Antoine Martin:


Thu, 11 Aug 2016 16:37:15 GMT - Smo: status changed; resolution set

All updated.


Sat, 23 Jan 2021 05:18:10 GMT - migration script:

This ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1217