Document vulnerability CVE-2020-9497, fixed in 1.2.0.

commit: f99ee68a4a6231014f9b5a38e90655a49db2d505 [log] [tgz]
author: Michael Jumper <mjumper@apache.org> Sun Jun 28 17:24:25 2020 -0700
committer: Michael Jumper <mjumper@apache.org> Wed Jul 01 20:21:07 2020 -0700
tree: 9d3b4856ea520f505995e1cf3bbff7a167db1934
parent: 149e3bb8600d9c2d54781261fa74afe53dbc0941 [diff]
diff --git a/_security/CVE-2020-9497.md b/_security/CVE-2020-9497.md
new file mode 100644
index 0000000..633ba70
--- /dev/null
+++ b/_security/CVE-2020-9497.md

@@ -0,0 +1,14 @@
+---
+title: Improper input validation of RDP static virtual channels
+cve:   CVE-2020-9497
+fixed: 1.2.0
+---
+
+Apache Guacamole 1.1.0 and older do not properly validate data received from
+RDP servers via static virtual channels. If a user connects to a malicious or
+compromised RDP server, specially-crafted PDUs could result in disclosure of
+information within the memory of the guacd process handling the connection.
+
+Acknowledgements: We would like to thank the GitHub Security Lab and Eyal Itkin
+(Check Point Research) for reporting this issue.
+
commit	f99ee68a4a6231014f9b5a38e90655a49db2d505	[log] [tgz]
author	Michael Jumper <mjumper@apache.org>	Sun Jun 28 17:24:25 2020 -0700
committer	Michael Jumper <mjumper@apache.org>	Wed Jul 01 20:21:07 2020 -0700
tree	9d3b4856ea520f505995e1cf3bbff7a167db1934
parent	149e3bb8600d9c2d54781261fa74afe53dbc0941 [diff]