Opened 4 years ago

Closed 4 years ago

#1217 closed task (fixed)

security issues in rencode

Reported by: Antoine Martin
Owned by: Smo
Priority: critical
Milestone: 1.0
Component: core
Version: trunk
Keywords:
Cc:


Just reported two security issues in rencode:

For our use case, I believe this can just cause a server crash. I don't think we leak parsed data from packets back to the user, but maybe disconnection messages? (Those would need to be trimmed.)

Change History (5)

comment:1 Changed 4 years ago by Antoine Martin

Status: new → assigned

The first bug is now fixed and version 1.0.5 will include it; the second one was already fixed in rencode 1.0.4 (my bad).

Until 1.0.5 is officially released (new blocker: https://github.com/aresch/rencode/issues/9), here's a download link: https://github.com/aresch/rencode/archive/a5ab0fb6c3603d1e9c53e2cfc262b2288d2912d8.zip.

comment:2 Changed 4 years ago by Antoine Martin

Milestone: 0.18 → 1.0

Milestone renamed

comment:3 Changed 4 years ago by Antoine Martin

Owner: changed from Antoine Martin to Smo
Status: assigned → new

This is all fixed in version 1.0.5, bumped for osx and rpm in r13028.

@smo: time to update.

comment:4 Changed 4 years ago by Antoine Martin

  • r13120 updates the debian repos to use 1.0.5
  • r13129 removes rencode from our source tree

comment:5 Changed 4 years ago by Smo

Resolution: fixed
Status: new → closed

All updated.