[Git][security-tracker-team/security-tracker][master] CVE-2025-4478/freerdp*: reference introductory commit

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri May 23 17:37:30 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baa2e279 by Sylvain Beucler at 2025-05-23T18:37:01+02:00
CVE-2025-4478/freerdp*: reference introductory commit

This commit introduces the new io->TransportDisconnect pointer,
and a new transport_disconnect implementation where the segfault happens when it's NULL.

Full freerdp2 package probably <not-affected>, leaving as-is for review.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2911,9 +2911,11 @@ CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPre
 CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's remote ...)
 	- freerdp3 <unfixed> (bug #1105917)
 	- freerdp2 <removed>
+	[bullseye] - freerdp2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232#c9
 	NOTE: Vulnerability in freerdp code, which transitively affects gnome-remote-desktop
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/11573
+	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/cf2daeb01d3325a9de97348047caf4b8974f2b76 (3.0.0-beta1)
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/a4bb702aa62e4fad91ca99142de075265555ec18
 CVE-2025-23165 (In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a  ...)
 	- nodejs 20.19.2+dfsg-1 (bug #1105832)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baa2e27955e62707289496e09abf5a59c68115dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baa2e27955e62707289496e09abf5a59c68115dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250523/c8cc7809/attachment.htm>

More information about the debian-security-tracker-commits mailing list