[Git][security-tracker-team/security-tracker][master] Reserve DLA-3606-1 for freerdp2

Tobias Frost (@tobi) tobi at debian.org
Sat Oct 7 18:22:43 BST 2023



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39e68e24 by Tobias Frost at 2023-10-07T19:34:11+02:00
Reserve DLA-3606-1 for freerdp2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -242062,7 +242062,6 @@ CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when
 	- envoyproxy <itp> (bug #987544)
 CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
 	- freerdp2 2.2.0+dfsg1-1 (bug #965979)
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <not-affected> (Vulnerable gfx code not present)
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
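Review bot: the `[buster] - freerdp2 <no-dsa> (Minor issue)` line is dropped here, but no `{DLA-3606-1}` cross-reference is added to the CVE-2020-15103 entry, whereas the sibling FreeRDP entries in the later hunks carry `{DLA-2356-1}` for the stretch advisory. If the tracker tooling does not insert that marker when the advisory is released, consider adding `{DLA-3606-1}` to each entry touched by this commit so the buster fix is visible from the CVE side as well as from data/DLA/list.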
@@ -246924,19 +246923,16 @@ CVE-2020-13399
 CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
 CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
 CVE-2020-13395
@@ -254026,29 +254022,24 @@ CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection
 	NOT-FOR-US: odata4j
 CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
 CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
 CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
 CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
 CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
@@ -254064,30 +254055,25 @@ CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumpti
 	NOT-FOR-US: Indy Node
 CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
 CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
 CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
 CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
 CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
 CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
@@ -254185,7 +254171,6 @@ CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1,
 CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in  ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
@@ -254211,7 +254196,6 @@ CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Impro
 	NOT-FOR-US: Java-WebSocket, different from src:websocket-api
 CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
 	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
@@ -254219,14 +254203,12 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound
 CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
 CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
@@ -254234,7 +254216,6 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds
 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
@@ -254242,49 +254223,41 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-
 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
 CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
 CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
 CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
 CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
 CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
 CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer  ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
 CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack  ...)
@@ -254399,17 +254372,14 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4
 	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
 CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
 CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
@@ -272358,23 +272328,19 @@ CVE-2020-4034
 	RESERVED
 CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
 CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
 CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
 CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
 	- freerdp2 2.1.2+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Oct 2023] DLA-3606-1 freerdp2 - security update
+	{CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11042 CVE-2020-11043 CVE-2020-11044 CVE-2020-11045 CVE-2020-11046 CVE-2020-11047 CVE-2020-11048 CVE-2020-11049 CVE-2020-11058 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353 CVE-2023-39354 CVE-2023-39355 CVE-2023-39356 CVE-2023-39357 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40569 CVE-2023-40589}
+	[buster] - freerdp2 2.3.0+dfsg1-2+deb10u3
 [06 Oct 2023] DLA-3605-1 grub2 - security update
 	{CVE-2023-4692 CVE-2023-4693}
 	[buster] - grub2 2.06-3~deb10u4
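Review bot: the CVE set in the new DLA-3606-1 entry includes CVE-2023-39350 through CVE-2023-39357, CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40569 and CVE-2023-40589, but none of those entries appear in the data/CVE/list hunks of this commit; please confirm they do not still carry a `[buster] - freerdp2 <no-dsa>` or `<postponed>` annotation that would contradict the fixed version `2.3.0+dfsg1-2+deb10u3` recorded here. Also double-check that the fixed version string matches the package actually uploaded, since the advisory is only reserved at this point.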


=====================================
data/dla-needed.txt
=====================================
@@ -83,10 +83,6 @@ freeimage (gladk)
   NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should roll
   NOTE: 20230826: out the DLA/ELA now. (utkarsh)
 --
-freerdp2 (tobi)
-  NOTE: 20230924: Added by Front-Desk (apo)
-  NOTE: 20230924: Too many unresolved issues have piled up. High popcon. (apo)
---
 gst-plugins-bad1.0 (Thorsten Alteholz)
   NOTE: 20230928: Added by Frond-Desk (ola)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e68e2404bf7e9dd1594d6f7636f747b28143eb
