Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1595abf by Tobias Frost at 2023-11-17T18:17:04+01:00
Reserve DLA-3654-1 for freerdp2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -77973,7 +77973,6 @@ CVE-2022-41878 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. 
Affecte ...)
        - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
 CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for 
Ibexa DXP an ...)
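Review bot: dropping the `[buster] - freerdp2 <no-dsa> (Minor issue)` line without a replacement is only correct because buster's status for CVE-2022-41877 will now be derived from the DLA-3654-1 entry in data/DLA/list, which names this CVE and the fixed version 2.3.0+dfsg1-2+deb10u4; the same reasoning applies to every other `[buster]` removal in this file, so each CVE touched here should be cross-checked against that DLA's CVE set before pushing.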
@@ -84411,7 +84410,6 @@ CVE-2022-39348 (Twisted is an event-based framework for 
internet applications. S
 CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. 
Affecte ...)
        - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
 CVE-2022-39346 (Nextcloud server is an open source personal cloud server. 
Affected ver ...)
@@ -84501,13 +84499,11 @@ CVE-2022-39320 (FreeRDP is a free remote desktop 
protocol library and clients. A
 CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. 
Affecte ...)
        - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76
 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. 
Affecte ...)
        - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
 CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. 
Affecte ...)
@@ -84518,7 +84514,6 @@ CVE-2022-39317 (FreeRDP is a free remote desktop 
protocol library and clients. A
 CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. 
In affe ...)
        - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
 CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 
3.5.8.2, 3.6.6 ...)
@@ -84613,7 +84608,6 @@ CVE-2022-39283 (FreeRDP is a free remote desktop 
protocol library and clients. A
 CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. 
FreeRDP ...)
        - freerdp2 2.8.1+dfsg1-1 (bug #1021659)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
        NOTE: patch likely: 
https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe
 (not confirmed by upstream)
 CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer 
relationship  ...)
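Review bot: the NOTE for CVE-2022-39282 still reads `patch likely: .../60aac2abf0740dd36b62712fba91498fd6e055fe (not confirmed by upstream)`, yet this commit records the buster fix as shipped in DLA-3654-1; if that commit (or a different one) is what was backported into 2.3.0+dfsg1-2+deb10u4, update the NOTE to say so, otherwise later ELA or stable work has to re-derive which patch was used.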
@@ -126065,7 +126059,6 @@ CVE-2022-24884 (ecdsautils is a tiny collection of 
programs used for ECDSA (keyg
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
        - freerdp2 2.7.0+dfsg1-1
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
@@ -154250,7 +154243,6 @@ CVE-2021-41161 (Combodo iTop is a web based IT 
Service Management tool. In versi
 CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
        [bullseye] - freerdp2 <no-dsa> (Minor issue)
-       [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Nov 2023] DLA-3654-1 freerdp2 - security update
+       {CVE-2021-41160 CVE-2022-24883 CVE-2022-39282 CVE-2022-39316 
CVE-2022-39318 CVE-2022-39319 CVE-2022-39347 CVE-2022-41877 CVE-2023-39283}
+       [buster] - freerdp2 2.3.0+dfsg1-2+deb10u4
 [15 Nov 2023] DLA-3653-1 libclamunrar - security update
        {CVE-2023-40477}
        [buster] - libclamunrar 0.103.10-0+deb10u1
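Review bot: the CVE set on this DLA-3654-1 entry includes CVE-2023-39283, but no hunk in data/CVE/list touches a CVE with that id, whereas the `@@ -84613` hunk above shows a FreeRDP entry CVE-2022-39283 in its header context; please verify the year in that id before the advisory text is published, since the tracker would otherwise attribute the buster fix to the wrong CVE. The other eight ids in the set match the `[buster]` lines removed from data/CVE/list one for one.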


=====================================
data/dla-needed.txt
=====================================
@@ -68,13 +68,6 @@ freeimage (gladk)
   NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should 
roll
   NOTE: 20230826: out the DLA/ELA now. (utkarsh)
 --
-freerdp2 (tobi)
-  NOTE: 20230924: Added by Front-Desk (apo)
-  NOTE: 20230924: Too many unresolved issues have piled up. High popcon. (apo)
-  NOTE: 20231007: First round done, unfortunatly missed a few CVES while 
updating, will do an follow up.
-  NOTE: 20231023: Will continue working on package next weekend. (tobi)
-  NOTE: 20231107: 80% ready, waiting for upstream feedback about remaining 
CVEs which have not indicated the patch needed. (tobi)
---
 galera-3 (Adrian Bunk)
   NOTE: 20231028: Added by Front-Desk (gladk)
   NOTE: 20231028: Acc. to CVE notes the open issue is fixed in 26.4.12. 
Please, try to find a corresponding commit and try to backport it. Otherwise - 
no-dsa. (gladk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1595abf3774e219c2db4ef5578a64659f62635b



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
