[Git][security-tracker-team/security-tracker][master] Process some new freerdp2 issues

Salvatore Bonaccorso carnil at debian.org
Fri May 29 20:48:49 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2f6c532 by Salvatore Bonaccorso at 2020-05-29T21:47:46+02:00
Process some new freerdp2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7342,14 +7342,29 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-CVE-2020-11041
+CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
 	RESERVED
+	- freerdp2 2.1.1+dfsg1-1
+	[buster] - freerdp2 <no-dsa> (Minor issue)
+	- freerdp <removed>
+	[stretch] - freerdp <no-dsa> (Minor issue)
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
 CVE-2020-11040
 	RESERVED
-CVE-2020-11039
+CVE-2020-11039 [Out of bound read/write in usb redirection channel]
 	RESERVED
-CVE-2020-11038
+	- freerdp2 2.1.1+dfsg1-1
+	[buster] - freerdp2 <no-dsa> (Minor issue)
+	- freerdp <removed>
+	[stretch] - freerdp <no-dsa> (Minor issue)
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
+CVE-2020-11038 [Integer overflow in VIDEO channel]
 	RESERVED
+	- freerdp2 2.1.1+dfsg1-1
+	[buster] - freerdp2 <no-dsa> (Minor issue)
+	- freerdp <removed>
+	[stretch] - freerdp <no-dsa> (Minor issue)
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
 CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack  ...)
 	NOT-FOR-US: Wagtail
 CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
@@ -7448,8 +7463,11 @@ CVE-2020-11019
 	RESERVED
 CVE-2020-11018
 	RESERVED
-CVE-2020-11017
+CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
 	RESERVED
+	- freerdp2 2.1.1+dfsg1-1
+	- freerdp <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
 	NOT-FOR-US: IntelMQ Manager
 CVE-2020-11015



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2f6c532a7b15b1421ea69d12d6cef127752f2d5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200529/08dfd906/attachment.html>


More information about the debian-security-tracker-commits mailing list