Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: a1595abf by Tobias Frost at 2023-11-17T18:17:04+01:00 Reserve DLA-3654-1 for freerdp2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -77973,7 +77973,6 @@ CVE-2022-41878 (Parse Server is an open source backend that can be deployed to a CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...) @@ -84411,7 +84410,6 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d CVE-2022-39346 (Nextcloud server is an open source personal cloud server. Affected ver ...) 
@@ -84501,13 +84499,11 @@ CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. A CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) @@ -84518,7 +84514,6 @@ CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. A CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...) - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...) 
@@ -84613,7 +84608,6 @@ CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. A CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...) - freerdp2 2.8.1+dfsg1-1 (bug #1021659) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe (not confirmed by upstream) CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer relationship ...) @@ -126065,7 +126059,6 @@ CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keyg CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - freerdp2 2.7.0+dfsg1-1 [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc @@ -154250,7 +154243,6 @@ CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versi CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 2.4.1+dfsg1-1 (bug #1001062) [bullseye] - freerdp2 <no-dsa> (Minor issue) - [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg ===================================== data/DLA/list ===================================== 
@@ -1,3 +1,6 @@ +[17 Nov 2023] DLA-3654-1 freerdp2 - security update + {CVE-2021-41160 CVE-2022-24883 CVE-2022-39282 CVE-2022-39316 CVE-2022-39318 CVE-2022-39319 CVE-2022-39347 CVE-2022-41877 CVE-2023-39283} + [buster] - freerdp2 2.3.0+dfsg1-2+deb10u4 [15 Nov 2023] DLA-3653-1 libclamunrar - security update {CVE-2023-40477} [buster] - libclamunrar 0.103.10-0+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -68,13 +68,6 @@ freeimage (gladk) NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should roll NOTE: 20230826: out the DLA/ELA now. (utkarsh) -- -freerdp2 (tobi) - NOTE: 20230924: Added by Front-Desk (apo) - NOTE: 20230924: Too many unresolved issues have piled up. High popcon. (apo) - NOTE: 20231007: First round done, unfortunatly missed a few CVES while updating, will do an follow up. - NOTE: 20231023: Will continue working on package next weekend. (tobi) - NOTE: 20231107: 80% ready, waiting for upstream feedback about remaining CVEs which have not indicated the patch needed. (tobi) --- galera-3 (Adrian Bunk) NOTE: 20231028: Added by Front-Desk (gladk) NOTE: 20231028: Acc. to CVE notes the open issue is fixed in 26.4.12. Please, try to find a corresponding commit and try to backport it. Otherwise - no-dsa. (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1595abf3774e219c2db4ef5578a64659f62635b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1595abf3774e219c2db4ef5578a64659f62635b You're receiving this email because of your account on salsa.debian.org.
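Review bot: In the data/DLA/list hunk, the CVE set on the new DLA-3654-1 entry ends with CVE-2023-39283, and the year looks wrong. No data/CVE/list hunk in this commit touches an entry with that id, while the context on the `@@ -84613,7 +84608,6 @@` hunk header shows CVE-2022-39283 as a FreeRDP entry. The other eight ids in the set each match a CVE/list hunk that drops its `[buster] - freerdp2 <no-dsa> (Minor issue)` line. Please confirm which id the upload fixes and correct the set if CVE-2022-39283 was meant; otherwise the advisory is linked to a different CVE than the one addressed.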
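Review bot: In the data/CVE/list hunk at `@@ -84613,7 +84608,6 @@`, the CVE-2022-39282 entry loses its buster `<no-dsa>` line but keeps `NOTE: patch likely: ... (not confirmed by upstream)`. Since the DLA now claims this CVE as fixed in 2.3.0+dfsg1-2+deb10u4, the note should record which commit was actually backported, or say that the "likely" patch is the one shipped, so that later triage does not have to re-derive it.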
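Review bot: In the data/dla-needed.txt hunk, the freerdp2 entry is removed outright although its last note (20231107) says the work was waiting for upstream feedback about remaining CVEs with no indicated patch. Nothing in the commit records how those were resolved. If any freerdp2 CVEs stay unfixed in buster after DLA-3654-1, either keep a trimmed entry here or add a note on the affected entries in data/CVE/list, and mention the outcome in the commit message.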