Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
660fddf9 by Mike Gabriel at 2020-08-30T01:38:46+02:00
Reserve DLA-2356-1 for freerdp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -25048,19 +25048,16 @@ CVE-2020-13398 (An issue was discovered in FreeRDP 
before 2.1.1. An out-of-bound
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
 CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An 
out-of-bounds (OOB ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An 
out-of-bounds (OOB ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
 CVE-2020-13395
        RESERVED
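
Review bot: The three removed `[stretch] - freerdp <no-dsa> (Minor issue)` lines leave `- freerdp <removed>` as the only freerdp annotation under CVE-2020-13398, CVE-2020-13397 and CVE-2020-13396, so the stretch status for these ids now depends entirely on their being listed in the braces of the DLA-2356-1 entry in data/DLA/list. All three are present there in this commit; the same cross-check applies to each later hunk that drops the same line.
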
@@ -31012,7 +31009,6 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP 
versions &gt; 1.1 through 2.
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
@@ -31020,7 +31016,6 @@ CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP 
versions &gt; 1.0 through 2
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
 CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 
through 2. ...)
@@ -31034,21 +31029,18 @@ CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP 
versions &gt; 1.0 through 2.0
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
 CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has 
an Out- ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
 CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 
2.0.0-rc ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier 
allows  ...)
@@ -32111,7 +32103,6 @@ CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, 
a stream out-of-bounds se
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
@@ -32146,7 +32137,6 @@ CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, 
there is an out-of-bounds
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
@@ -32162,7 +32152,6 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, 
there is a stream out-of-
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
        NOTE: Fixed  by: 
https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
@@ -32170,7 +32159,6 @@ CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, 
there is an out-of-bound
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
@@ -32191,7 +32179,6 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 
2.0.0, there is an out-of
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
-       [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
@@ -302030,7 +302017,7 @@ CVE-2013-7261
 CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks 
RealPlayer befor ...)
        NOT-FOR-US: RealPlayer
 CVE-2014-0791 (Integer overflow in the license_read_scope_list function in 
libfreerdp ...)
-       - freerdp <unfixed> (unimportant)
+       - freerdp <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
        NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by 
simply stating that no valid license exists etc.
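
Review bot: Dropping `(unimportant)` from `- freerdp <unfixed>` under CVE-2014-0791 leaves the trailing NOTE, which argues that a malicious license has simpler means to DoS an RDP client, reading as the rationale for a severity that is no longer set. Reword or remove that NOTE, or add one stating that the issue is addressed for stretch in DLA-2356-1. The line also stays `<unfixed>` while every other freerdp entry touched in this patch reads `- freerdp <removed>`; if the source package is gone from unstable, `<removed>` would be consistent here too. The NOTE's "malicous" is a typo for "malicious".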


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Aug 2020] DLA-2356-1 freerdp - security update
+       {CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 
CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 
CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398}
+       [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
 [29 Aug 2020] DLA-2355-1 bind9 - security update
        {CVE-2020-8622 CVE-2020-8623}
        [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u7
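
Review bot: The brace list of the new DLA-2356-1 entry skips CVE-2020-11524, which sits between CVE-2020-11525 and CVE-2020-11523 in data/CVE/list and is visible as context at the end of the hunk at -31020; its freerdp annotations are outside this diff, so confirm it is marked not-affected or otherwise handled for stretch's freerdp package. The 14 ids that are listed match the data/CVE/list changes one for one (13 dropped `<no-dsa>` lines plus the CVE-2014-0791 edit).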


=====================================
data/dla-needed.txt
=====================================
@@ -72,9 +72,6 @@ firefox-esr (Emilio)
 --
 fossil (Mike Gabriel)
 --
-freerdp (Mike Gabriel)
-  NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
---
 gnome-shell (Mike Gabriel)
   NOTE: 20200829: 
https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver)
 --
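
Review bot: The removed NOTE says stretch's freerdp was vulnerable to "at least CVE-2020-11042", so deleting the whole freerdp entry assumes DLA-2356-1 covers everything still open for stretch. CVE-2020-11042 is in the DLA's CVE set; confirm no other freerdp issue remains open for stretch before the package leaves dla-needed.txt.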



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660fddf90e4dee97951cdaa3ebb376b67e0777b4
