[Git][security-tracker-team/security-tracker][master] Process some new freerdp2 issues

Fri, 29 May 2020 12:49:49 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2f6c532 by Salvatore Bonaccorso at 2020-05-29T21:47:46+02:00
Process some new freerdp2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7342,14 +7342,29 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 
2.0.0, there is an out-of
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-CVE-2020-11041
+CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
 CVE-2020-11040
        RESERVED
-CVE-2020-11039
+CVE-2020-11039 [Out of bound read/write in usb redirection channel]
        RESERVED
-CVE-2020-11038
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
+CVE-2020-11038 [Integer overflow in VIDEO channel]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
 CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing 
attack  ...)
        NOT-FOR-US: Wagtail
 CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored 
XSS vul ...)
@@ -7448,8 +7463,11 @@ CVE-2020-11019
        RESERVED
 CVE-2020-11018
        RESERVED
-CVE-2020-11017
+CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       - freerdp <removed>
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 
has a vuln ...)
        NOT-FOR-US: IntelMQ Manager
 CVE-2020-11015



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to