Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
985baacf by Salvatore Bonaccorso at 2020-05-29T21:55:28+02:00
Add new freerdp2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7185,16 +7185,41 @@ CVE-2020-11091
        RESERVED
 CVE-2020-11090
        RESERVED
-CVE-2020-11089
+CVE-2020-11089 [oob read in channel `irp` functions]
        RESERVED
-CVE-2020-11088
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
+CVE-2020-11088 [Out of bound read in ntlm_read_NegotiateMessage]
        RESERVED
-CVE-2020-11087
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
+CVE-2020-11087 [oob read in `ntlm_read_AuthenticateMessage`]
        RESERVED
-CVE-2020-11086
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
+CVE-2020-11086 [oob read in `ntlm_read_ntlm_v2_response`]
        RESERVED
-CVE-2020-11085
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
+CVE-2020-11085 [cliprdr_read_format_list out of bound read]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
 CVE-2020-11084
        RESERVED
 CVE-2020-11083
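Review bot: the bracketed descriptions added for CVE-2020-11089 through CVE-2020-11085 are not in a consistent form. Three of them wrap the function name in backticks (`irp`, `ntlm_read_AuthenticateMessage`, `ntlm_read_ntlm_v2_response`) while CVE-2020-11088 and CVE-2020-11085 do not, and the wording switches between "oob read", "Out of bound read" and "out of bound read". Suggest picking one form for all five, for example "[Out of bound read in ntlm_read_AuthenticateMessage]" without backticks, so the entries can be searched by function name uniformly.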
@@ -7334,6 +7359,11 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 
2.0.0, a double free in u
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
 CVE-2020-11043
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an 
out-of-bound ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
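Review bot: CVE-2020-11043 gets package and NOTE lines in this hunk but, unlike the other RESERVED entries touched by this commit, no bracketed description on the CVE line, so nothing in the entry says what the issue is. Suggest adding a short description taken from the linked advisory (GHSA-5mr4-28w3-rc84), in the same style as "CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]".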
@@ -7349,8 +7379,13 @@ CVE-2020-11041 [Unchecked read of array offset in 
rdpsnd_recv_wave2_pdu ]
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
-CVE-2020-11040
+CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
 CVE-2020-11039 [Out of bound read/write in usb redirection channel]
        RESERVED
        - freerdp2 2.1.1+dfsg1-1
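Review bot: the description on the CVE-2020-11040 line says "out of bound access" without stating whether it is a read or a write, while the neighbouring entries are explicit ("Unchecked read of array offset", "Out of bound read/write in usb redirection channel"). Since buster and stretch are both marked "<no-dsa> (Minor issue)" here, naming read or write in the bracketed text would make that triage decision easier to check later.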
@@ -7459,10 +7494,18 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater 
than 0.5.0 and before 1.0.4
        - ruby-faye <unfixed> (bug #959392)
        NOTE: 
https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
        NOTE: 
https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
-CVE-2020-11019
+CVE-2020-11019 [Out of bound read in update_recv]
        RESERVED
-CVE-2020-11018
+       - freerdp2 2.1.1+dfsg1-1
+       [buster] - freerdp2 <no-dsa> (Minor issue)
+       - freerdp <removed>
+       [stretch] - freerdp <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
+CVE-2020-11018 [Out of bound read in cliprdr_server_receive_capabilities]
        RESERVED
+       - freerdp2 2.1.1+dfsg1-1
+       - freerdp <removed>
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
 CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
        RESERVED
        - freerdp2 2.1.1+dfsg1-1
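Review bot: CVE-2020-11018 is the only entry added in this commit without the "[buster] - freerdp2 <no-dsa> (Minor issue)" and "[stretch] - freerdp <no-dsa> (Minor issue)" lines; CVE-2020-11019 directly above it has both. If buster and stretch are deliberately left untriaged for this issue, that is fine as is; otherwise add the two suite annotations so the entry matches its siblings.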



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/985baacf8210f4a2fe56ce7936e341bbae424cc3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits