Accepted guacamole-server 0.9.9-2+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Nov 2020 22:44:56 +0100
Source: guacamole-server
Binary: libguac-dev guacd libguac-client-rdp0 libguac-client-ssh0 libguac-client-vnc0 libguac-client-telnet0 libguac11
Architecture: source
Version: 0.9.9-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
guacd - HTML5 web application for accessing remote desktops (proxy daemon
libguac-client-rdp0 - HTML5 web application for accessing remote desktops (RDP support)
libguac-client-ssh0 - HTML5 web application for accessing remote desktops (SSH support)
libguac-client-telnet0 - HTML5 web application for accessing remote desktops (Telnet suppo
libguac-client-vnc0 - HTML5 web application for accessing remote desktops (VNC support)
libguac-dev - Guacamole proxy daemon (core library headers)
libguac11 - HTML5 web application for accessing remote desktops (library)
Changes:
guacamole-server (0.9.9-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2020-9498:.
Apache Guacamole may mishandle pointers involved in processing data
received via RDP static virtual channels. If a user connects to a malicious
or compromised RDP server, a series of specially-crafted PDUs could result
in memory corruption, possiblyi allowing arbitrary code to be executed with
the privileges of the running guacd process.
* Fix CVE-2020-9497:
Apache Guacamole does not properly validate data received from RDP servers
via static virtual channels. If a user connects to a malicious or
compromised RDP server, specially-crafted PDUs could result in disclosure
of information within the memory of the guacd process handling the
connection.
Checksums-Sha1:
9075d83ed55dfce070183c6f77c5bb7053c98649 2778 guacamole-server_0.9.9-2+deb9u1.dsc
a1ab3bf1e39291e318182b85055587fd98b39de1 679797 guacamole-server_0.9.9.orig.tar.gz
58dcdff36cf314baeae2343d08af98aacca66e80 15856 guacamole-server_0.9.9-2+deb9u1.debian.tar.xz
5ed4737bde9cb14df822196afbd98d6c106c1772 17687 guacamole-server_0.9.9-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
7dfaf077c3e92edf9a9ef014b5e73419a5f3bc6345c4d398e4ddcd326dc00675 2778 guacamole-server_0.9.9-2+deb9u1.dsc
4263e78c7f7c6fe04bd4bbe96634aa612ae67e4ce64fdc4feb8d16ce70e724ff 679797 guacamole-server_0.9.9.orig.tar.gz
5d922e64996e84c3b0fbbae92b9f6d3b50aef4d5c6a8b012ecf06ce079ae4a50 15856 guacamole-server_0.9.9-2+deb9u1.debian.tar.xz
26889f752086fe7256432b1384239ae71e03aebfec713a3c05bc891f4f14feb8 17687 guacamole-server_0.9.9-2+deb9u1_amd64.buildinfo
Files:
b91e357228e2b4947b677b703fdde804 2778 net extra guacamole-server_0.9.9-2+deb9u1.dsc
cce818bfcba35fe0456b45d988118893 679797 net extra guacamole-server_0.9.9.orig.tar.gz
744e604c0baafa53d0edf31aeba69b8d 15856 net extra guacamole-server_0.9.9-2+deb9u1.debian.tar.xz
728d1e1bb6962124b974fcc8b767e988 17687 net extra guacamole-server_0.9.9-2+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl+lyEpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk+g4P/RK4phFt3UzzGT64r8652hikfsy+KIIYHUti
2cVUQuxS+THFHcwLBG7lpnPEVZpJUIB9UbtDpTjce/RGz3hDPrhl4mdIBcizyKcW
LjbxK72pWsFhv0z2DStoeJO/QychU66Po5TbFxzjh+bmR7z0Z7vGDk4A0kJQLcp/
VqLry+PzdvowOizYix56TjPCp/1Y+s9QJzWpHMA7vaNPntdd6R/w48//6phcB9r9
nA5b2jgHOGY10XjNDyJxHRrlq0bDpNpcVijM2Tb1gt7zic+j63thikPoPf6SUqMj
3kvKHvOC1+QtImEZuojkCGkAXgftEOZtcFvhdG+uFLZMCxV1X409tW9essMoVN12
2qwMQoSl0aqV6KsMgxDnZOO1E/0bQhRkJiElMDvjK8sURZlXdEO1VaCtksiBjMHA
reY95+GQZ3mKU0rBQpV+UiqhuY8o8o/W388wAGHSXeFQLo9lj0VJYc9RjirLXTky
7M++HSn6auvvEgW0aWjrd5RqXqh9ZXxduNRsUurQEvi1IXAev9oAOiBbZnD8q++l
/lIuJug73WiT2u06SWDw8kQtJb9v2Klgi6bLTP+9tTk26O+tXbqupeUzxIS9QWCx
A3ky3Nf6TIb9IQV4r583kIEyEo6pj1ev2zzBiFqR+t25NZYs3scFQLiJ64jGOXvZ
LAQ2SGAX
=/7JG
-----END PGP SIGNATURE-----