Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
058e502a by Sylvain Beucler at 2024-05-03T15:09:09+02:00
CVE-2024-32039,CVE-2024-32040,CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460/freerdp*:
reference patches
- - - - -
32ef1278 by Sylvain Beucler at 2024-05-03T15:09:11+02:00
Introductory commits for CVE-2024-32659,CVE-2024-32661,CVE-2024-32662/freerdp*
+ CVE-2024-32662/freerdp2 not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2438,9 +2438,10 @@ CVE-2024-32675 (Missing Authorization vulnerability in
Xfinity Soft Order Limit
NOT-FOR-US: WordPress plugin
CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1
- - freerdp2 <unfixed>
+ - freerdp2 <not-affected>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7
(3.5.1)
+ NOTE: Introduced by:
https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4
(3.0.0-beta1)
CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon
Toolkit.Th ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in F ...)
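Review bot: the freerdp2 line for CVE-2024-32662 is switched to <not-affected> without a parenthesised reason on the status line itself, so the justification only exists in the separate "Introduced by" NOTE added below it. Other <not-affected> entries in this file state the reason inline, for example "(Fixed with initial upload to Debian unstable)". Consider adding a short reason such as "(Vulnerable code introduced in 3.0.0-beta1)" to the freerdp2 line so the status can be read without following the commit link.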
@@ -2575,6 +2576,7 @@ CVE-2024-32661 (FreeRDP is a free implementation of the
Remote Desktop Protocol.
- freerdp2 <unfixed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
(3.5.1)
+ NOTE: Introduced by:
https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6
(2.0.0-beta1+android10)
CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop
Protocol. Prior ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
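Review bot: the freerdp2 <unfixed> line for CVE-2024-32661 has no bug reference, while the freerdp2 <unfixed> lines for the 2.11.6 batch later in this file all carry "(bug #1069728)". With the added NOTE placing the introducing commit at 2.0.0-beta1+android10, freerdp2 stays affected, so it is worth linking or filing a bug on that line to keep the open issue trackable.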
@@ -2585,6 +2587,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the
Remote Desktop Protocol.
- freerdp2 <unfixed>
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
(3.5.1)
+ NOTE: Introduced by:
https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d
(1.2.0-beta1+android7)
CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 <unfixed>
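Review bot: the parenthesised version on the added "Introduced by" NOTE for CVE-2024-32659 is an upstream tag name (1.2.0-beta1+android7), whereas the "Fixed by" NOTE just above it gives a plain release number (3.5.1). Using one form for both would make it easier to compare the introduced and fixed versions when triaging older releases.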
@@ -2809,26 +2812,38 @@ CVE-2024-32041 (FreeRDP is a free implementation of the
Remote Desktop Protocol.
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265
(2.11.6)
CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265
(2.11.6)
CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07
(2.11.6)
CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97
(2.11.6)
CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7
(2.11.6)
CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed> (bug #1069728)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+ NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
+ NOTE:
https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881
(2.11.6)
CVE-2024-32493 (An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and
Znuny 7.0 ...)
- znuny 6.5.8-1
[bookworm] - znuny <no-dsa> (Non-free not supported)
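Review bot: the commit NOTEs added for CVE-2024-32041 and CVE-2024-32039 point at the same upstream commit (d88ad1acd142769650a6159906ac90f46a766265), while the other four CVEs in this hunk each get a distinct commit. Please confirm against the two advisories (GHSA-5r4p-mfx2-m44r and GHSA-q5h8-7j42-j4r9) that one commit really fixes both and that this is not a copy-paste slip. Separately, the added commit NOTEs here are unlabelled, whereas the entries for CVE-2024-32661 and CVE-2024-32659 use "NOTE: Fixed by:"; prefixing these with "Fixed by:" would keep them distinguishable from the "Introduced by:" notes added in the same push.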
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1975168a6e816c2d0026af9e931d644c067936...32ef12782b97d954059a5970c59677086182c428
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits