[Git][security-tracker-team/security-tracker][master] Add four new FreeRDP issues

Fri May 8 07:25:44 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d891e6c by Salvatore Bonaccorso at 2020-05-08T08:25:05+02:00
Add four new FreeRDP issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4997,15 +4997,31 @@ CVE-2020-11048
 CVE-2020-11047
 	RESERVED
 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
-	TODO: check
+	- freerdp2 <unfixed>
+	- freerdp <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
+	NOTE: Fixed  by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
+	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
-	TODO: check
+	- freerdp2 <unfixed>
+	- freerdp <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
+	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
 CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
-	TODO: check
+	- freerdp2 <unfixed>
+	- freerdp <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
+	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
 CVE-2020-11043
 	RESERVED
 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
-	TODO: check
+	- freerdp2 <unfixed>
+	- freerdp <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
+	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
 CVE-2020-11041
 	RESERVED
 CVE-2020-11040



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d891e6c798b6afa3ff79a9d06f11819b8b62130

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d891e6c798b6afa3ff79a9d06f11819b8b62130
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200508/0604441a/attachment.html>
