Correct note about guacamole-client in dla-needed.txt.

Bug is in guacamole-server and Debian actually ships it.
author: Markus Koschany <apo@debian.org> 2020-10-10 18:30:29 +0200
committer: Markus Koschany <apo@debian.org> 2020-10-10 18:30:29 +0200
commit: a98adf9a15630dd967b99fff0b433eced8e9cd6a (patch)
tree: 43641d94342446cafb043287d0f5fb2ad96ce265 /data/dla-needed.txt
parent: 9c60750b704fc70869615edad6cdb7d66e9f55ff (diff)
1 files changed, 4 insertions, 6 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 067d8098f7..060298ce1b 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -76,12 +76,10 @@ golang-1.8
 --
 golang-golang-x-net-dev
 --
-guacamole-client (Markus Koschany)
-  NOTE: 20201010: Open CVE do not affect the client. Reported my findings to
-  NOTE: the maintainers and the security team. Waiting for feedback. I am
-  NOTE: inclined to mark the package as EOL anyway because the client is
-  NOTE: incompatible with the secure 1.2.0 server version and due to the lack of
-  NOTE: maintainance in Debian.
+guacamole-server (Markus Koschany)
+  NOTE: 20201010: Reported my findings to the maintainers and the
+  NOTE: security team. Waiting for feedback. CVE is in guacamole-server not in
+  NOTE: guacamole-client. Backporting the upstream patch seems viable.
 --
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
author	Markus Koschany <apo@debian.org>	2020-10-10 18:30:29 +0200
committer	Markus Koschany <apo@debian.org>	2020-10-10 18:30:29 +0200
commit	a98adf9a15630dd967b99fff0b433eced8e9cd6a (patch)
tree	43641d94342446cafb043287d0f5fb2ad96ce265 /data/dla-needed.txt
parent	9c60750b704fc70869615edad6cdb7d66e9f55ff (diff)