./net/rdesktop, Open-source Remote Desktop Protocol client

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2008Q1, Version: 1.5.0nb4, Package name: rdesktop-1.5.0nb4, Maintainer: grant

rdesktop is an open-source RDP client for connecting to Windows NT,
2000, XP and 2003 Server terminal servers.


Master sites: (Expand)

SHA1: e3086bf865191eed41631813125f482e279c7f3d
RMD160: 350e08166d0b7620b4ed9c6594addae7ec53d15a
Filesize: 239.392 KB

Version history: (Expand)


CVS history: (Expand)


   2008-05-11 11:25:19 by Geert Hendrickx | Files touched by this commit (9)
Log message:
Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop

- pkgsrc/net/rdesktop/Makefile				1.34
- pkgsrc/net/rdesktop/distinfo				1.18
- pkgsrc/net/rdesktop/patches/patch-ac			1.5
- pkgsrc/net/rdesktop/patches/patch-ad			1.1
- pkgsrc/net/rdesktop/patches/patch-ae			1.1
- pkgsrc/net/rdesktop/patches/patch-af			1.1
- pkgsrc/net/rdesktop/patches/patch-ag			1.1
- pkgsrc/net/rdesktop/patches/patch-ah			1.1
- pkgsrc/net/rdesktop/patches/patch-ai			1.1

   Module Name:		pkgsrc
   Committed By:	tonnerre
   Date:		Sat May 10 15:28:04 UTC 2008

   Modified Files:
	   pkgsrc/net/rdesktop: Makefile distinfo
   Added Files:
	   pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
	       patch-ag patch-ah patch-ai

   Log message:
   Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

   1) An integer underflow error in iso.c when processing RDP requests can
      be exploited to cause a heap-based buffer overflow.
   2) An input validation error in rdp.c when processing RDP redirect
      requests can be exploited to cause a BSS-based buffer overflow.
   3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
      to cause a heap-based buffer overflow.