Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1
Control: tags -1 + pending
On Sun, 2018-02-18 at 15:02 +0100, Salvatore Bonaccorso wrote:
> Hi Dominik,
>
> On Sat, Jan 13, 2018 at 06:26:28PM +0100, Julien Cristau wrote:
> > Control: tag -1 confirmed
> >
> > On Fri, Dec 15, 2017 at 19:41:29 +0100, Dominik George wrote:
> >
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: stretch
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > >
> > > Hi,
> > >
> > > I'd like to update xrdp in stretch for two important bugs:
> > >
> > > 1. #882463, CVE-2017-16927: Local DoS
> > > Security team says it's not critical enough for stretch-
> > > security and I should instead
> > > target stretch-pu (although I disagree).
> > >
> > > 2. #884453, High CPU load in ssl_tls_accept
> > > Remote users could use up quite a lot or all system resources
> > > by keeping TLS contexts
> > > in a certain state.
> > >
> >
> > Looks ok, please go ahead.
>
> Above Julien confirmed to upload. Would be good to see the fix
> landing
> in the next stretch point release, can you upload, or were there any
> problems with the fix?
>
Uploaded and flagged for acceptance.
Regards,
Adam
Reply to: