[Git][security-tracker-team/security-tracker][master] 2 commits: Handle src:freerdp3 to src:freerdp source package rename

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 12 09:23:38 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
011544f5 by Salvatore Bonaccorso at 2026-02-12T08:23:54+01:00
Handle src:freerdp3 to src:freerdp source package rename

With the freerdp/3.22.0+dfsg-2 upload to unstable the src:freerdp3
source package was renamed back to src:freerdp. There are a lot of
issues fixed in later 2.x releases which now would re-appear as unfixed
for src:freerdp. As they were already addressed mark the first version
which does the rename and was uploaded to unstable as the fixed version
for this class of CVEs, which are already fixed in an earlier version.

Link: https://tracker.debian.org/news/1714963/accepted-freerdp-3220dfsg-2-source-into-unstable/
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
a4d3bcef by Salvatore Bonaccorso at 2026-02-12T10:23:31+01:00
Merge branch 'freerdp-rename-and-version-workaround' into 'master'

Handle src:freerdp3 to src:freerdp source package rename

See merge request security-tracker-team/security-tracker!265
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -377833,18 +377833,20 @@ CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keyg
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
 	{DLA-4053-1 DLA-3654-1}
 	- freerdp2 2.7.0+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
 	NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
 	{DLA-4070-1}
 	- freerdp2 2.7.0+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
 	NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...)
 	NOT-FOR-US: Ballcat Codegen
 CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask  ...)
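Review bot: the added NOTE under CVE-2022-24883 and CVE-2022-24882 does not say that the fix predates the rename, so an entry read on its own suggests 3.22.0+dfsg-2 is where the issue was fixed, while the freerdp2 line above it records 2.7.0+dfsg1-1. Consider wording the note so it states that the issue was already fixed before the rename and that 3.22.0+dfsg-2 is only the first src:freerdp version after it. The same sentence is repeated in every entry this commit touches, so the wording change would apply throughout.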
@@ -405997,20 +405999,22 @@ CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versi
 CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	{DLA-4053-1 DLA-3654-1}
 	- freerdp2 2.4.1+dfsg1-1 (bug #1001062)
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	- freerdp2 2.4.1+dfsg1-1 (bug #1001061)
 	[bullseye] - freerdp2 <ignored> (Patch is too instrusive to backport)
 	[buster] - freerdp2 <ignored> (Patch is too instrusive to backport)
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
 	NOTE: The RFC gateway parsing code has been completly refactored, backporting to 2.3.x is not feasible.
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
 	- freeswitch <itp> (bug #389591)
 	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
@@ -501543,11 +501547,12 @@ CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when
 CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
 	{DLA-3606-1}
 	- freerdp2 2.2.0+dfsg1-1 (bug #965979)
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <not-affected> (Vulnerable gfx code not present)
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
@@ -506415,18 +506420,21 @@ CVE-2020-13399
 CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-13395
 	RESERVED
 CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
@@ -512571,44 +512579,50 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4  ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0 ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ha ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of- ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 h ...)
 	{DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
 	NOT-FOR-US: WinMagic SecureDoc
 CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
@@ -513513,35 +513527,40 @@ CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection
 CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0 (3.0.0-beta1)
 	NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/ce1a9d8d1969ecbb4d24b9f4812654638a44abc2 (3.0.0-beta1)
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/746d10179c54e77beccf0b4edf2c9803d5a8e7da (2.1.2)
 	NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/62530e2d9dab999d1c5ddd1368d67c599dccd580 (2.2.0)
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
 	NOT-FOR-US: October CMS
 CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...)
@@ -513555,31 +513574,36 @@ CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumpti
 CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
 	NOT-FOR-US: iPear
 CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
@@ -513674,10 +513698,11 @@ CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1,
 CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in  ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
 	NOT-FOR-US: XWiki
 CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
@@ -513700,38 +513725,43 @@ CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Impro
 CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
 	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
@@ -513739,38 +513769,45 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in u
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
 	{DLA-3606-1 DLA-2356-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer  ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11037 (In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack  ...)
 	NOT-FOR-US: Wagtail
 CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
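Review bot: at the top of this hunk the rename NOTE is added to CVE-2020-11044, but no "- freerdp" line of that entry is changed in the visible lines, unlike the other entries here, where the note accompanies a change from "<removed>" to "3.22.0+dfsg-2". Please check that the entry's src:freerdp line actually carries 3.22.0+dfsg-2; if it records something else, the note does not describe the entry and should be dropped or reworded.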
@@ -513884,18 +513921,21 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4
 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.1+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
 	NOT-FOR-US: IntelMQ Manager
 CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...)
@@ -531852,25 +531892,29 @@ CVE-2020-4034
 CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
 	{DLA-3606-1}
 	- freerdp2 2.1.2+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404  ...)
@@ -548622,7 +548666,7 @@ CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.
 CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
 	- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0)
@@ -548631,15 +548675,17 @@ CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through
 	NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant
 	NOTE: embedded from: https://github.com/FreeRDP/FreeRDP/commit/1c345834079f3c8b581204e36b0cf0f3c021c445 (2.0.0-beta1+android10)
 	NOTE: to: https://github.com/FreeRDP/FreeRDP/commit/605b6b6233e52151d208b7faa87691533a857b07 (3.0.0-beta2)
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
 	- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
-	- freerdp <removed> (low)
+	- freerdp 3.22.0+dfsg-2 (low)
 	[stretch] - freerdp <not-affected> (Vulnerable code not present)
 	[jessie] - freerdp <ignored> (Minor issue; Patching this old version would be very invasive; no upstream patch available)
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a (v2.0.0)
 	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/d1e75efb8c8822716aaf41acd3a947d0641e9b21 (1.2.0-beta1+android7)
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...)
 	NOT-FOR-US: Genesys PureEngage Digital (eServices)
 CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...)
@@ -590253,6 +590299,7 @@ CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c6
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/4866
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/ ...)
 	NOT-FOR-US: Copay Bitcoin Wallet
 CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 (exclu ...)
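Review bot: CVE-2018-1000852 receives only the rename NOTE here; the hunk changes no "- freerdp" line for it. If the entry has no src:freerdp line set to 3.22.0+dfsg-2, the note states something the data does not, so either add the package line change in this commit or leave the note out.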
@@ -628532,39 +628579,45 @@ CVE-2018-8790 (Check Point ZoneAlarm version 15.3.064.17729 and below expose a W
 CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Read ...)
 	{DLA-1666-1}
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of  ...)
 	{DLA-1666-1}
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that l ...)
 	{DLA-1666-1}
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...)
 	{DLA-1666-1}
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	[jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
-	- freerdp <removed>
+	- freerdp 3.22.0+dfsg-2
 	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	[jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2018-8783
 	RESERVED
 CVE-2018-8782
@@ -784525,10 +784578,11 @@ CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer
 	NOT-FOR-US: RealPlayer
 CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
 	{DLA-2356-1}
-	- freerdp <removed> (unimportant)
+	- freerdp 3.22.0+dfsg-2 (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
 	NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
+	NOTE: Mark freerdp/3.22.0+dfsg-2 as fixed version as first version after the freerdp3 to freerdp rename
 CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object Acti ...)
 	NOT-FOR-US: OPC Automation 2.0 Server
 CVE-2014-0788
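Review bot: for CVE-2014-0791 the "- freerdp 3.22.0+dfsg-2 (unimportant)" line is the only package line in the entry, so unlike the entries with a freerdp2 line there is nothing left recording where the issue was actually fixed. Suggest the added NOTE point at the upstream commit already linked in the entry as the real fix, so the tracked version is not read as the fixing upload.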



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ef73116d12bc37c3ddf6e0d8541a392606b0ea97...a4d3bcefc0802d0fe2fc8a3753588dc543365b09
