Wednesday, May 28, 2008

Security Fix: RDesktop

One security fix and two updated packages get it's way through -Current and also -Stable today. The security fix was released for rdesktop application, while mkinitrd and ktorrent gets a updated version.
Tue May 27 22:12:01 CDT 2008
a/mkinitrd-1.3.2-i486-3.tgz: Initialize RAID earlier so that the combination of RAID+LUKS+LVM works. Thanks to Eric Hameleers.

xap/rdesktop-1.6.0-i486-1.tgz: Upgraded to rdesktop-1.6.0.
According to the rdesktop ChangeLog, this contains a: "* Fix for potential vulnerability against compromised/malicious servers (reported by iDefense)"
This package build also includes the new alsa driver (--with-sound=alsa), though I couldn't get local sound redirection. Perhaps it was just my command line error though, so the driver remains included for testing.
For more information on the security issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
(* Security fix *)

extra/ktorrent/ktorrent-2.2.7-i486-1.tgz: Upgraded to ktorrent-2.2.7.