Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4192b2f by Salvatore Bonaccorso at 2026-02-12T13:05:43+01:00
Revert "Handle src:freerdp3 to src:freerdp source package rename"

This reverts commit 011544f56b1a130c399a425457d89976aa315921.

The source package has been renamed back to freerdp3.

The tracker might have a temporary incorrect "status" while src:freerdp
is still present but will resolve once the package has been removed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -377835,20 +377835,18 @@ CVE-2022-24884 (ecdsautils is a tiny collection of 
programs used for ECDSA (keyg
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
        {DLA-4053-1 DLA-3654-1}
        - freerdp2 2.7.0+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
        NOTE: Fixed by (backport): 
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
        {DLA-4070-1}
        - freerdp2 2.7.0+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
        NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
        NOTE: Pull request for stable 2.0 branch: 
https://github.com/FreeRDP/FreeRDP/pull/7750
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code 
to genera ...)
        NOT-FOR-US: Ballcat Codegen
 CVE-2022-24880 (flask-session-captcha is a package which allows users to 
extend Flask  ...)
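Review bot: The `- freerdp <removed>` lines for CVE-2022-24883 and CVE-2022-24882 go in while, per the commit message, src:freerdp is still present, so the tracker will report an incorrect status for these entries until the package is gone. Suggest a follow-up check once src:freerdp has actually been removed, to confirm the status has resolved as the commit message expects.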
@@ -406001,22 +405999,20 @@ CVE-2021-41161 (Combodo iTop is a web based IT 
Service Management tool. In versi
 CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        {DLA-4053-1 DLA-3654-1}
        - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
        NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 2.4.1+dfsg1-1 (bug #1001061)
        [bullseye] - freerdp2 <ignored> (Patch is too instrusive to backport)
        [buster] - freerdp2 <ignored> (Patch is too instrusive to backport)
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5
 (Stable 2.0 backports)
        NOTE: The RFC gateway parsing code has been completly refactored, 
backporting to 2.3.x is not feasible.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        - freeswitch <itp> (bug #389591)
        NOTE: 
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
@@ -501549,12 +501545,11 @@ CVE-2020-15104 (In Envoy before versions 1.12.6, 
1.13.4, 1.14.4, and 1.15.0 when
 CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow 
exists due ...)
        {DLA-3606-1}
        - freerdp2 2.2.0+dfsg1-1 (bug #965979)
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <not-affected> (Vulnerable gfx code not present)
        NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924
 (stable-2.0)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e
 (stable-2.0)
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, 
there is imp ...)
        NOT-FOR-US: PrestaShop
 CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 
1000 neste ...)
@@ -506422,21 +506417,18 @@ CVE-2020-13399
 CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An 
out-of-bounds (OOB ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An 
out-of-bounds (OOB ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An 
out-of-bounds (OOB ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-13395
        RESERVED
 CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 
V15.03.05.19_multi_TD01, AC9 ...)
@@ -512581,50 +512573,44 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP 
versions > 1.1 through 2.0.0
        {DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 
2.0.0-rc4  ...)
        {DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 
through 2.0.0 ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 
2.0.0-rc4 ha ...)
        {DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an 
Out-of- ...)
        {DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 
2.0.0-rc4 h ...)
        {DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier 
allows  ...)
        NOT-FOR-US: WinMagic SecureDoc
 CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier 
allows  ...)
@@ -513529,40 +513515,35 @@ CVE-2016-11023 (odata4j 0.7.0 allows 
ExecuteCountQueryCommand.java SQL injection
 CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds 
read in lic ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read 
in glyp ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs 
resultin ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in 
update_ ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0
 (3.0.0-beta1)
        NOTE: Regression fix: 
https://github.com/FreeRDP/FreeRDP/commit/ce1a9d8d1969ecbb4d24b9f4812654638a44abc2
 (3.0.0-beta1)
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/746d10179c54e77beccf0b4edf2c9803d5a8e7da
 (2.1.2)
        NOTE: Regression fix: 
https://github.com/FreeRDP/FreeRDP/commit/62530e2d9dab999d1c5ddd1368d67c599dccd580
 (2.2.0)
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs 
resultin ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains 
a featur ...)
        NOT-FOR-US: October CMS
 CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed 
ledger pu ...)
@@ -513576,36 +513557,31 @@ CVE-2020-11090 (In Indy Node 1.12.2, there is an 
Uncontrolled Resource Consumpti
 CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp 
function ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in 
cliprdr_rea ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead 
to comm ...)
        NOT-FOR-US: iPear
 CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a 
user wit ...)
@@ -513700,11 +513676,10 @@ CVE-2020-11059 (In AEgir greater than or equal to 
21.7.0 and less than 21.10.1,
 CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds 
seek in  ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users 
without script ...)
        NOT-FOR-US: XWiki
 CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side 
Templat ...)
@@ -513727,43 +513702,38 @@ CVE-2020-11050 (In Java-WebSocket less than or 
equal to 1.4.1, there is an Impro
 CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an 
out-of-bound read o ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
        NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an 
out-of-bounds read. ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an 
out-of-bounds read  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream 
out-of-bounds ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an 
out-of-bound read i ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in 
update_ ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
@@ -513771,45 +513741,38 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and 
before 2.0.0, a double free in u
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bounds read ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an 
out-of-bound ...)
        {DLA-3606-1 DLA-2356-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled 
array in ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound data  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a 
manipulated serve ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to 
Buffer  ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11037 (In Wagtail before versions 2.7.3 and 2.8.2, a potential timing 
attack  ...)
        NOT-FOR-US: Wagtail
 CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored 
XSS vul ...)
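Review bot: The first removal in this hunk, `NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version ...`, belongs to CVE-2020-11044, but neither this hunk nor the trailing context of the previous one shows a `- freerdp` line changing for that entry, unlike the other entries in this hunk. Please confirm the `- freerdp` line of CVE-2020-11044 is in its intended state after the revert, since only the NOTE is touched in the visible lines.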
@@ -513923,21 +513886,18 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions 
greater than 0.5.0 and before 1.0.4
 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with 
logger set t ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource 
exhaustion ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing 
manipulated input ...)
        {DLA-3606-1}
        - freerdp2 2.1.1+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 
has a vuln ...)
        NOT-FOR-US: IntelMQ Manager
 CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT 
Device Mana ...)
@@ -531894,29 +531854,25 @@ CVE-2020-4034
 CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read 
in RLE ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting 
vulnerabi ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in 
gdi_Sele ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read 
in Tri ...)
        {DLA-3606-1}
        - freerdp2 2.1.2+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in 
Atlassian Jir ...)
        NOT-FOR-US: Atlassian
 CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with 
a 404  ...)
@@ -548668,7 +548624,7 @@ CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 
4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.
 CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG 
through 2019-0 ...)
        - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a
 (v2.0.0)
@@ -548677,17 +548633,15 @@ CVE-2019-17178 (HuffmanTree_makeFromFrequencies in 
lodepng.c in LodePNG through
        NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem 
security-relevant
        NOTE: embedded from: 
https://github.com/FreeRDP/FreeRDP/commit/1c345834079f3c8b581204e36b0cf0f3c021c445
 (2.0.0-beta1+android10)
        NOTE: to: 
https://github.com/FreeRDP/FreeRDP/commit/605b6b6233e52151d208b7faa87691533a857b07
 (3.0.0-beta2)
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x 
through 2.0 ...)
        - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
        [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
-       - freerdp 3.22.0+dfsg-2 (low)
+       - freerdp <removed> (low)
        [stretch] - freerdp <not-affected> (Vulnerable code not present)
        [jessie] - freerdp <ignored> (Minor issue; Patching this old version 
would be very invasive; no upstream patch available)
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a
 (v2.0.0)
        NOTE: Introduced by: 
https://github.com/FreeRDP/FreeRDP/commit/d1e75efb8c8822716aaf41acd3a947d0641e9b21
 (1.2.0-beta1+android7)
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via 
HtmlChatPa ...)
        NOT-FOR-US: Genesys PureEngage Digital (eServices)
 CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= 
absolute path ...)
@@ -590301,7 +590255,6 @@ CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released 
version before commit 205c6
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/4866
        NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. 
contains a Other/ ...)
        NOT-FOR-US: Copay Bitcoin Wallet
 CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 
2.5.0 (exclu ...)
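Review bot: For CVE-2018-1000852 only the rename NOTE is dropped; the hunk shows no `- freerdp` package line for that entry. Worth checking the lines above the hunk to make sure the entry does not still list `3.22.0+dfsg-2` as the fixed version.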
@@ -628581,45 +628534,39 @@ CVE-2018-8790 (Check Point ZoneAlarm version 
15.3.064.17729 and below expose a W
 CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several 
Out-Of-Bounds Read ...)
        {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds 
Write of  ...)
        {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow 
that l ...)
        {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer 
Truncation that ...)
        {DLA-1666-1}
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer 
Overfl ...)
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        [jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer 
Overfl ...)
        - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-       - freerdp 3.22.0+dfsg-2
+       - freerdp <removed>
        [stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        [jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx 
not yet supported)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2018-8783
        RESERVED
 CVE-2018-8782
@@ -784580,11 +784527,10 @@ CVE-2013-7260 (Multiple stack-based buffer 
overflows in RealNetworks RealPlayer
        NOT-FOR-US: RealPlayer
 CVE-2014-0791 (Integer overflow in the license_read_scope_list function in 
libfreerdp ...)
        {DLA-2356-1}
-       - freerdp 3.22.0+dfsg-2 (unimportant)
+       - freerdp <removed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
        NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by 
simply stating that no valid license exists etc.
-       NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version 
after the freerdp3 to freerdp rename
 CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server 
Object Acti ...)
        NOT-FOR-US: OPC Automation 2.0 Server
 CVE-2014-0788



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4192b2f409f8bbd9c4e55e28f5dd6ffb9e73144
