Current versions are now Xpra 1.0.8 LTS and 2.1.2 main branch. 2.1.2 contains "at least two critical fixes". Announcements: • http://lists.devloop.org.uk/pipermail/shifter-users/2017-September/002002.html • http://lists.devloop.org.uk/pipermail/shifter-users/2017-September/002003.html
Xpra 1.0.9 LTS and 2.1.3 have now been released. Both releases "fix some critical issues, in particular weaknesses in the initial authentication exchange. Updating immediately is very strongly recommended". • http://lists.devloop.org.uk/pipermail/shifter-users/2017-October/002028.html • http://lists.devloop.org.uk/pipermail/shifter-users/2017-October/002027.html
@arch teams: Please stable these versions for security reasons, asap.
Convertig bug to security bug.
@ Maintainer: Please add the fixed version to repository first before you call for stabilization.
(In reply to Thomas Deutschmann from comment #4) > @ Maintainer: Please add the fixed version to repository first before you > call for stabilization. Sorry, forgot to push, fixed now.
@arches: go ahead, thanks.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d464f0a9258f36ab346b2ba154c7440ff6c1d736 commit d464f0a9258f36ab346b2ba154c7440ff6c1d736 Author: Michael Weber <xmw@gentoo.org> AuthorDate: 2017-12-22 09:54:40 +0000 Commit: Michael Weber <xmw@gentoo.org> CommitDate: 2017-12-22 09:54:54 +0000 x11-wm/xpra: Version bump and invoce xdg_pkg_post* stuff in all relevant versions. Closes: https://bugs.gentoo.org/641654 Bug: https://bugs.gentoo.org/631326 Package-Manager: Portage-2.3.19, Repoman-2.3.6 x11-wm/xpra/Manifest | 1 + x11-wm/xpra/xpra-1.0.9.ebuild | 4 +- x11-wm/xpra/xpra-2.1.3.ebuild | 4 +- x11-wm/xpra/xpra-2.2.1.ebuild | 146 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 153 insertions(+), 2 deletions(-)}
amd64 stable
x86 cannot stabilize due to bug 642244.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3ad188bc9dfb94dcc38ab58c09bbf6e4e48e054 commit c3ad188bc9dfb94dcc38ab58c09bbf6e4e48e054 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-01-14 16:11:50 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-01-14 16:22:59 +0000 x11-wm/xpra: x86 stable Bug: https://bugs.gentoo.org/631326 Package-Manager: Portage-2.3.19, Repoman-2.3.6 x11-wm/xpra/xpra-1.0.9.ebuild | 4 ++-- x11-wm/xpra/xpra-2.1.3.ebuild | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)}
@ Maintainer(s): Please cleanup and drop =x11-wm/xpra-1.0.6 =x11-wm/xpra-2.0.2
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cab2eb1a5e1dbc5c257c40fda200b01e0a55f96 commit 1cab2eb1a5e1dbc5c257c40fda200b01e0a55f96 Author: Michael Weber <xmw@gentoo.org> AuthorDate: 2018-01-16 22:37:13 +0000 Commit: Michael Weber <xmw@gentoo.org> CommitDate: 2018-01-16 22:37:13 +0000 x11-wm/xpra: Remove volnerable versions. Bug: https://bugs.gentoo.org/631326 Package-Manager: Portage-2.3.19, Repoman-2.3.6 x11-wm/xpra/Manifest | 2 - x11-wm/xpra/xpra-1.0.6.ebuild | 143 ------------------------------------------ x11-wm/xpra/xpra-2.0.2.ebuild | 143 ------------------------------------------ 3 files changed, 288 deletions(-)}
GLSA Vote: No Michael, thanks for the cleanup!
