diff options
author | Markus Koschany <apo@debian.org> | 2020-10-10 18:30:29 +0200 |
---|---|---|
committer | Markus Koschany <apo@debian.org> | 2020-10-10 18:30:29 +0200 |
commit | a98adf9a15630dd967b99fff0b433eced8e9cd6a (patch) | |
tree | 43641d94342446cafb043287d0f5fb2ad96ce265 /data/dla-needed.txt | |
parent | 9c60750b704fc70869615edad6cdb7d66e9f55ff (diff) |
Correct note about guacamole-client in dla-needed.txt.
Bug is in guacamole-server and Debian actually ships it.
Diffstat (limited to 'data/dla-needed.txt')
-rw-r--r-- | data/dla-needed.txt | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 067d8098f7..060298ce1b 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -76,12 +76,10 @@ golang-1.8 -- golang-golang-x-net-dev -- -guacamole-client (Markus Koschany) - NOTE: 20201010: Open CVE do not affect the client. Reported my findings to - NOTE: the maintainers and the security team. Waiting for feedback. I am - NOTE: inclined to mark the package as EOL anyway because the client is - NOTE: incompatible with the secure 1.2.0 server version and due to the lack of - NOTE: maintainance in Debian. +guacamole-server (Markus Koschany) + NOTE: 20201010: Reported my findings to the maintainers and the + NOTE: security team. Waiting for feedback. CVE is in guacamole-server not in + NOTE: guacamole-client. Backporting the upstream patch seems viable. -- jupyter-notebook NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby) |