[Git][security-tracker-team/security-tracker][master] Process some new freerdp2 issues
Salvatore Bonaccorso
carnil at debian.org
Fri May 29 20:48:49 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2f6c532 by Salvatore Bonaccorso at 2020-05-29T21:47:46+02:00
Process some new freerdp2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7342,14 +7342,29 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-CVE-2020-11041
+CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
CVE-2020-11040
RESERVED
-CVE-2020-11039
+CVE-2020-11039 [Out of bound read/write in usb redirection channel]
RESERVED
-CVE-2020-11038
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
+CVE-2020-11038 [Integer overflow in VIDEO channel]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...)
NOT-FOR-US: Wagtail
CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
@@ -7448,8 +7463,11 @@ CVE-2020-11019
RESERVED
CVE-2020-11018
RESERVED
-CVE-2020-11017
+CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
RESERVED
+ - freerdp2 2.1.1+dfsg1-1
+ - freerdp <removed>
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
NOT-FOR-US: IntelMQ Manager
CVE-2020-11015
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200529/08dfd906/attachment.html>
More information about the debian-security-tracker-commits
mailing list