Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
677ea8f5 by Tobias Frost at 2023-10-04T19:35:11+02:00
freerdp2: Add patches fixing CVEs (see complete commit message for details)

Asked Upstream to associate CVEs with commit ids (via IRC, #debian-remote), received the following information:

CVE-2023-39350
7ece410ce5b5660b9191e1ccb6835158afa11822

CVE-2023-39351
99e243cdbc31f66b5c917452c8fed3276e8bdcd5

CVE-2023-39352
6a63441e4ee8e2bf333361f5d24156a183b14ecd

CVE-2023-39353
9ed6d6baede27d5006e0e4c9bec8e506f695cb6a
efa0567c027239b901ccdc590b9e229e0111c68b

CVE-2023-39354
82ac0164f330c08ddd9a6ef6f3dbf846c4b79def
9a1ee1bae5a9561f5031a7b69129f10458b62d4a

CVE-2023-39356
23db2f4e6ba71f1c10c543f24de595d7340adb46
889348a86e49bc8f1351ed6496d847b32db5f86e

CVE-2023-40567
bacb8c016ef72aa767760b6b01d15500aee9d59a

CVE-2023-40569
23c3daeca1598393f8c93f563f7847a4d67919f1

CVE-2023-40181
c23cbdc4a5756bd723223c7139654de7439fdcc0

CVE-2023-40186
d8a1ac342ae375644c70579c33b5cf38fb43b083

CVE-2023-40188
bdb3909a7713fb0b3d94c9676fe44d19de80eb4b

CVE-2023-40589
c659973bb4cd65c065f2fe1a807dbc6805c684c6

(Information available on: https://salsa.debian.org/-/snippets/662)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4736,10 +4736,13 @@ CVE-2023-41034 (Eclipse Leshan is a device management 
server and client Java imp
 CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x
-       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416
 (3.0.0-beta3)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/c659973bb4cd65c065f2fe1a807dbc6805c684c6
 (2.11.0)
 CVE-2023-39356 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/23db2f4e6ba71f1c10c543f24de595d7340adb46
 (2.11.0)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/889348a86e49bc8f1351ed6496d847b32db5f86e
 (2.11.0)
 CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h
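Review bot: CVE-2023-39355 is the one freerdp2 entry in this hunk that still carries no fix-commit NOTE, and the upstream list in the commit message has no commit id for it either, so the 2.11.2+dfsg1-1 fix claim for that CVE cannot be traced from the tracker; a follow-up with upstream for the matching commit would close that gap. The rest of the hunk is consistent with the commit message: the retained 16141a30f983dd6f7a6e5b0356084171942c9416 reference for CVE-2023-40589 is now annotated (3.0.0-beta3) next to the added 2.11.0 commit c659973bb4cd65c065f2fe1a807dbc6805c684c6, and the two 2.11.0 commits for CVE-2023-39356 match the ids upstream supplied.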
@@ -4747,21 +4750,25 @@ CVE-2023-39355 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
 CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6
-       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/82ac0164f330c08ddd9a6ef6f3dbf846c4b79def
 (2.11.0)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/9a1ee1bae5a9561f5031a7b69129f10458b62d4a
 (2.11.0)
 CVE-2023-39353 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/9ed6d6baede27d5006e0e4c9bec8e506f695cb6a
 (2.11.0)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/efa0567c027239b901ccdc590b9e229e0111c68b
 (2.11.0)
 CVE-2023-39352 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/6a63441e4ee8e2bf333361f5d24156a183b14ecd
 (2.11.0)
 CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
-       NOTE: Potential patch: 
https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5
 (2.11.0)
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5
 (2.11.0)
 CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
-       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822
 (2.11.0)
 CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability 
in the Sc ...)
        NOT-FOR-US: Schweitzer Engineering Laboratories SEL-5037 SEL Grid 
Configurator
 CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer 
Engineering ...)
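Review bot: the commit references dropped for CVE-2023-39354 (cd1da25a87358eb3b5512fd259310e95b19a05ec) and CVE-2023-39350 (e204fc8be5a372626b13f66daf2abafe71dbc2dc) are not mentioned anywhere in the commit message, so a later reader cannot tell whether they were wrong associations or were merely superseded by the ids upstream confirmed; one sentence in the commit message, or keeping them as a secondary NOTE, would preserve that history. Removing the "Potential patch:" qualifier on CVE-2023-39351 now that upstream confirmed 99e243cdbc31f66b5c917452c8fed3276e8bdcd5 is the right call and keeps the NOTE style uniform across the freerdp2 entries.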
@@ -4960,6 +4967,7 @@ CVE-2023-40582 (find-exec is a utility to discover 
available shell commands. Ver
 CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/bdb3909a7713fb0b3d94c9676fe44d19de80eb4b
 (2.11.0)
 CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 <not-affected> (Vulnerable code introduced in 3.0.0-beta1)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f
@@ -4968,6 +4976,7 @@ CVE-2023-40187 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
 CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083
 (2.11.0)
 CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. 
In versio ...)
        - xrdp <unfixed> (bug #1051061)
        [bookworm] - xrdp <no-dsa> (Minor issue)
@@ -4978,6 +4987,7 @@ CVE-2023-40184 (xrdp is an open source remote desktop 
protocol (RDP) server. In
 CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/c23cbdc4a5756bd723223c7139654de7439fdcc0
 (2.11.0)
 CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and 
escape a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3720 (The Upload Media By URL WordPress plugin before 1.0.8 does not 
have CS ...)
@@ -5666,11 +5676,13 @@ CVE-2023-40570 (Datasette is an open source multi-tool 
for exploring and publish
 CVE-2023-40569 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 <unfixed> (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/23c3daeca1598393f8c93f563f7847a4d67919f1
 (2.11.0)
 CVE-2023-40568
        REJECTED
 CVE-2023-40567 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.11.2+dfsg1-1 (bug #1051638)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp
+       NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/bacb8c016ef72aa767760b6b01d15500aee9d59a
 (2.11.0)
 CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue 
in 'Skyl ...)
        NOT-FOR-US: 'Skylark' App
 CVE-2023-40182 (Silverware Games is a premium social network where people can 
play gam ...)
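Review bot: CVE-2023-40569 still reads `- freerdp2 <unfixed> (bug #1051638)` while the NOTE added directly under it records the fix commit 23c3daeca1598393f8c93f563f7847a4d67919f1 as landing in 2.11.0, and every other CVE tracked under bug #1051638 in this patch is marked fixed in freerdp2 2.11.2+dfsg1-1; unless the 2.11.0 fix is known to be incomplete, the status line should become `- freerdp2 2.11.2+dfsg1-1 (bug #1051638)` to match its siblings, or a NOTE should say why it stays unfixed.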



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/677ea8f5d2ce77069a3f9112246cda4205836c78

-- 


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
