[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE...

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri May 3 14:09:33 BST 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
058e502a by Sylvain Beucler at 2024-05-03T15:09:09+02:00
CVE-2024-32039,CVE-2024-32040,CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460/freerdp*: reference patches

- - - - -
32ef1278 by Sylvain Beucler at 2024-05-03T15:09:11+02:00
Introductory commits for CVE-2024-32659,CVE-2024-32661,CVE-2024-32662/freerdp* + CVE-2024-32662/freerdp2 not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2438,9 +2438,10 @@ CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order Limit
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 3.5.1+dfsg1-1
-	- freerdp2 <unfixed>
+	- freerdp2 <not-affected>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7 (3.5.1)
+	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4 (3.0.0-beta1)
 CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.Th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
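Review bot: the changed status line `- freerdp2 <not-affected>` for CVE-2024-32662 gives no reason in parentheses, so the justification sits only in the `Introduced by:` NOTE added two lines further down. Other `<not-affected>` lines in this patch state their reason on the status line itself, e.g. `(Fixed with initial upload to Debian unstable)`. A short parenthetical saying the vulnerable code was introduced in 3.0.0-beta1 would make the line self-explanatory. The fix commit NOTE in this entry (626d10a9..., 3.5.1) also lacks the `Fixed by:` prefix that the CVE-2024-32661 and CVE-2024-32659 entries use.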
@@ -2575,6 +2576,7 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol.
 	- freerdp2 <unfixed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
+	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10)
 CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
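Review bot: the `- freerdp2 <unfixed>` line at the top of this hunk (CVE-2024-32661) still has no bug reference, even though the added `Introduced by:` NOTE dates the issue to 2.0.0-beta1+android10, which puts the 2.x package in scope. The freerdp3 line of the neighbouring CVE-2024-32660 entry carries `(bug #1069752)`; adding the corresponding freerdp2 bug number here, once one exists, would let the open status be followed up.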
@@ -2585,6 +2587,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol.
 	- freerdp2 <unfixed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
+	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7)
 CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
 	- freerdp2 <unfixed>
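Review bot: the added `Introduced by:` NOTE for CVE-2024-32659 points at a commit tagged 1.2.0-beta1+android7, which predates the 2.x series, while the package line visible in this hunk tracks only freerdp2. If the tracker still lists a source package carrying a 1.x code base, it should get its own status line in this entry. If not, a short NOTE saying so would record that the older range was considered. As in the entry above, `- freerdp2 <unfixed>` has no bug reference.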
@@ -2809,26 +2812,38 @@ CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol.
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
 CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
 CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6)
 CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6)
 CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6)
 CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
 	- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
 	- freerdp2 <unfixed> (bug #1069728)
 	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
+	NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)
 CVE-2024-32493 (An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0 ...)
 	- znuny 6.5.8-1
 	[bookworm] - znuny <no-dsa> (Non-free not supported)
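Review bot: the commit NOTEs added for CVE-2024-32041 and CVE-2024-32039 reference the same hash, d88ad1acd142769650a6159906ac90f46a766265 (2.11.6), while the other four entries each have a distinct commit. If one upstream commit really fixes both advisories (GHSA-5r4p-mfx2-m44r and GHSA-q5h8-7j42-j4r9), a brief remark to that effect would rule out a copy-paste slip; otherwise one of the two lines needs correcting. The six new commit lines are also written as bare `NOTE: https://github.com/FreeRDP/FreeRDP/commit/...` with no `Fixed by:` prefix, unlike the `NOTE: Fixed by:` lines in the CVE-2024-32661 and CVE-2024-32659 entries earlier in this patch. Using the prefix consistently makes the role of each link unambiguous now that `Introduced by:` links appear in the same file.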



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1975168a6e816c2d0026af9e931d644c067936...32ef12782b97d954059a5970c59677086182c428
