[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-17177/freerdp: reference sanctioned patch
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Dec 16 11:12:19 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bc67201 by Sylvain Beucler at 2023-12-16T11:27:16+01:00
CVE-2019-17177/freerdp: reference sanctioned patch
- - - - -
56ad4666 by Sylvain Beucler at 2023-12-16T12:04:25+01:00
CVE-2019-17178/freerdp: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -302128,12 +302128,14 @@ CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through
- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
- freerdp <removed>
- [stretch] - freerdp <postponed> (Minor issue, can be fixed along with next DLA)
+ [stretch] - freerdp <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
- NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0)
NOTE: Multiple source packages embed a copy of lodepng (openscad, tbb, mame, passage,
NOTE: quakespasm, simbody, paraview, dart, drumgizmo, doxygen, love, libtcod, f
NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant
+ NOTE: embedded from: https://github.com/FreeRDP/FreeRDP/commit/1c345834079f3c8b581204e36b0cf0f3c021c445 (2.0.0-beta1+android10)
+ NOTE: to: https://github.com/FreeRDP/FreeRDP/commit/605b6b6233e52151d208b7faa87691533a857b07 (3.0.0-beta2)
CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
@@ -302141,7 +302143,7 @@ CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x throu
[stretch] - freerdp <no-dsa> (Minor issue)
[jessie] - freerdp <ignored> (Minor issue; Patching this old version would be very invasive; no upstream patch available)
NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
- NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0)
CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...)
NOT-FOR-US: Genesys PureEngage Digital (eServices)
CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e1f8ac45de4d5f13c4c673c105d856635291f13...56ad46662a1a0b63e73d595af24b345ff2469e9c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e1f8ac45de4d5f13c4c673c105d856635291f13...56ad46662a1a0b63e73d595af24b345ff2469e9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231216/eb97220a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list