Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
011544f5 by Salvatore Bonaccorso at 2026-02-12T08:23:54+01:00
Handle src:freerdp3 to src:freerdp source package rename

With the freerdp/3.22.0+dfsg-2 upload to unstable the src:freerdp3 source package was renamed back to src:freerdp. There are a lot of issues fixed in later 2.x releases which now would re-appear as unfixed for src:freerdp. As they were already addressed mark the first version which does the rename and was uploaded to unstable as the fixed version for this class of CVEs, which are already fixed in an earlier version.

Link: https://tracker.debian.org/news/1714963/accepted-freerdp-3220dfsg-2-source-into-unstable/
Signed-off-by: Salvatore Bonaccorso <[email protected]>

- - - - -
a4d3bcef by Salvatore Bonaccorso at 2026-02-12T10:23:31+01:00
Merge branch 'freerdp-rename-and-version-workaround' into 'master'

Handle src:freerdp3 to src:freerdp source package rename

See merge request security-tracker-team/security-tracker!265

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -377833,18 +377833,20 @@ CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keyg CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) {DLA-4053-1 DLA-3654-1} - freerdp2 2.7.0+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) {DLA-4070-1} - freerdp2 2.7.0+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...) NOT-FOR-US: Ballcat Codegen CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...) 
@@ -405997,20 +405999,22 @@ CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versi CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-4053-1 DLA-3654-1} - freerdp2 2.4.1+dfsg1-1 (bug #1001062) - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349 NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 2.4.1+dfsg1-1 (bug #1001061) [bullseye] - freerdp2 <ignored> (Patch is too instrusive to backport) [buster] - freerdp2 <ignored> (Patch is too instrusive to backport) - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports) NOTE: The RFC gateway parsing code has been completly refactored, backporting to 2.3.x is not feasible. NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch <itp> (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 
@@ -501543,11 +501547,12 @@ CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...) {DLA-3606-1} - freerdp2 2.2.0+dfsg1-1 (bug #965979) - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <not-affected> (Vulnerable gfx code not present) NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381 NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0) + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...) NOT-FOR-US: PrestaShop CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...) 
@@ -506415,18 +506420,21 @@ CVE-2020-13399 CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-13395 RESERVED CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) 
@@ -512571,44 +512579,50 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0 {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0 ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ha ...) 
{DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of- ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 h ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) NOT-FOR-US: WinMagic SecureDoc CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) 
@@ -513513,35 +513527,40 @@ CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...) 
{DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0 (3.0.0-beta1) NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/ce1a9d8d1969ecbb4d24b9f4812654638a44abc2 (3.0.0-beta1) NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/746d10179c54e77beccf0b4edf2c9803d5a8e7da (2.1.2) NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/62530e2d9dab999d1c5ddd1368d67c599dccd580 (2.2.0) + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...) NOT-FOR-US: October CMS CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...) 
@@ -513555,31 +513574,36 @@ CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumpti CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...) 
{DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...) NOT-FOR-US: iPear CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...) @@ -513674,10 +513698,11 @@ CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...) NOT-FOR-US: XWiki CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...) 
@@ -513700,38 +513725,43 @@ CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Impro CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...) 
{DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 
@@ -513739,38 +513769,45 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in u NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...) 
{DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11037 (In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack ...) NOT-FOR-US: Wagtail CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...) 
@@ -513884,18 +513921,21 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...) {DLA-3606-1} - freerdp2 2.1.1+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...) NOT-FOR-US: IntelMQ Manager CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...) 
@@ -531852,25 +531892,29 @@ CVE-2020-4034 CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...) {DLA-3606-1} - freerdp2 2.1.2+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...) NOT-FOR-US: Atlassian CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...) 
@@ -548622,7 +548666,7 @@ CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4. CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...) - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <not-affected> (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645 NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0) 
@@ -548631,15 +548675,17 @@ CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant NOTE: embedded from: https://github.com/FreeRDP/FreeRDP/commit/1c345834079f3c8b581204e36b0cf0f3c021c445 (2.0.0-beta1+android10) NOTE: to: https://github.com/FreeRDP/FreeRDP/commit/605b6b6233e52151d208b7faa87691533a857b07 (3.0.0-beta2) + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...) - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low) [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1 - - freerdp <removed> (low) + - freerdp 3.22.0+dfsg-2 (low) [stretch] - freerdp <not-affected> (Vulnerable code not present) [jessie] - freerdp <ignored> (Minor issue; Patching this old version would be very invasive; no upstream patch available) NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645 NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0) NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/d1e75efb8c8822716aaf41acd3a947d0641e9b21 (1.2.0-beta1+android7) + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...) NOT-FOR-US: Genesys PureEngage Digital (eServices) CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...) 
@@ -590253,6 +590299,7 @@ CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c6 NOTE: https://github.com/FreeRDP/FreeRDP/issues/4866 NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871 NOTE: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/ ...) NOT-FOR-US: Copay Bitcoin Wallet CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 (exclu ...) 
@@ -628532,39 +628579,45 @@ CVE-2018-8790 (Check Point ZoneAlarm version 15.3.064.17729 and below expose a W CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Read ...) {DLA-1666-1} - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 NOTE: https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of ...) {DLA-1666-1} - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 NOTE: https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that l ...) {DLA-1666-1} - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 NOTE: https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...) 
{DLA-1666-1} - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 NOTE: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...) - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported) [jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported) NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...) - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - - freerdp <removed> + - freerdp 3.22.0+dfsg-2 [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported) [jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported) NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7 + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2018-8783 RESERVED CVE-2018-8782 
@@ -784525,10 +784578,11 @@ CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer NOT-FOR-US: RealPlayer CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...) {DLA-2356-1} - - freerdp <removed> (unimportant) + - freerdp 3.22.0+dfsg-2 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941 NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45 NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc. + NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object Acti ...) NOT-FOR-US: OPC Automation 2.0 Server CVE-2014-0788
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ef73116d12bc37c3ddf6e0d8541a392606b0ea97...a4d3bcefc0802d0fe2fc8a3753588dc543365b09
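Review bot: The NOTE text added throughout, first in the hunk at @@ -377833,18 +377833,20 @@ under CVE-2022-24883 and CVE-2022-24882, does not say that the issue was already fixed in an earlier version, which is the reasoning the commit message gives. Read on its own next to `- freerdp 3.22.0+dfsg-2`, it can be taken to mean that this upload introduced the fix. Consider wording along the lines of `NOTE: Fixed in an earlier version; freerdp/3.22.0+dfsg-2 is the first src:freerdp upload after the freerdp3 to freerdp rename`, so the entry is self-explanatory without the commit log.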
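Review bot: In the hunk at @@ -513739,38 +513769,45 @@ the first added NOTE lands under CVE-2020-11044, but no `- freerdp` line is changed for that entry: the preceding hunk ends at its `- freerdp2 2.1.1+dfsg1-1` line and this hunk starts at its NOTE lines, so whatever sits between them is untouched. Either the `<removed>` to `3.22.0+dfsg-2` change is missing for this CVE, or the entry has no such line and the NOTE should be dropped, since it describes a fixed-version marking the entry does not carry.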
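Review bot: The hunk at @@ -590253,6 +590299,7 @@ only appends the rename NOTE to CVE-2018-1000852; none of that entry's package lines appears as changed anywhere in the diff. Please check whether the entry has a `- freerdp <removed>` line that should have been switched to `- freerdp 3.22.0+dfsg-2` like the others, and if it has none, remove the NOTE so it does not claim a marking that was not made.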
