[Git][security-tracker-team/security-tracker][master] Add new freerdp3 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 13 20:28:54 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9aca1655 by Salvatore Bonaccorso at 2026-03-13T21:28:29+01:00
Add new freerdp3 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -309,15 +309,28 @@ CVE-2026-31915 (Missing Authorization vulnerability in UX-themes Flatsome flatso
 CVE-2026-31899 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...)
 	TODO: check
 CVE-2026-31897 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7 (3.24.0)
 CVE-2026-31886 (Dagu is a workflow engine with a built-in Web user interface. Prior to ...)
 	TODO: check
 CVE-2026-31885 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 (3.24.0)
 CVE-2026-31884 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/03b48b3601d867afccac1cdc6081de7a275edce7 (3.24.0)
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 (3.24.0)
 CVE-2026-31883 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 (3.24.0)
 CVE-2026-31882 (Dagu is a workflow engine with a built-in Web user interface. Prior to ...)
 	TODO: check
 CVE-2026-31864 (JumpServer is an open source bastion host and an operation and mainten ...)
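Review bot: In the CVE-2026-31884 entry, the second "Fixed by" commit 16df2300e1e3f5a51f68fb1626429e58b531b7c8 is also the only fix listed for CVE-2026-31885 and CVE-2026-31883, so three CVEs depend on one commit and nothing records which issue it addresses in each case. A short NOTE per entry stating that the commit covers all three, or naming the part relevant to each, would help anyone backporting. It would also make clear that CVE-2026-31884 additionally needs 03b48b3601d867afccac1cdc6081de7a275edce7 and is not resolved by 16df2300 alone.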
@@ -325,7 +338,10 @@ CVE-2026-31864 (JumpServer is an open source bastion host and an operation and m
 CVE-2026-31814 (Yamux is a stream multiplexer over reliable, ordered connections such  ...)
 	TODO: check
 CVE-2026-31806 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b (3.24.0)
 CVE-2026-31798 (JumpServer is an open source bastion host and an operation and mainten ...)
 	TODO: check
 CVE-2026-30961 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
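Review bot: The "- freerdp2 <removed>" line under CVE-2026-31806, repeated under every other FreeRDP entry in this commit, has no NOTE backing it. The entry cites only the fix commit for 3.24.0 and gives no introducing commit or statement that the 2.x code base carries the flaw. If freerdp2 was checked, record it, for example as "NOTE: Introduced by: <commit> (<version>)" with the real values filled in. If it was not checked, keep a TODO for freerdp2 so the open question stays visible.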
@@ -349,11 +365,20 @@ CVE-2026-2859 (Improper permission enforcement in Checkmk versions 2.4.0 before
 CVE-2026-2257 (The GetGenie plugin for WordPress is vulnerable to Insecure Direct Obj ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29776 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a (3.24.0)
 CVE-2026-29775 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f (3.24.0)
 CVE-2026-29774 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
-	TODO: check
+	- freerdp3 3.24.0+dfsg-1
+	- freerdp2 <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5q35-hv9x-7794
+	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6482b7a92fff3959582cef052d1967ad6bde3738 (3.24.0)
 CVE-2026-29079 (Lexbor is a web browser engine library. Prior to 2.7.0, a type\u2011co ...)
 	TODO: check
 CVE-2026-29078 (Lexbor is a web browser engine library. Prior to 2.7.0, the ISO\u20112 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aca1655968b150f766ed3fa55403e6dc7a7dd4f
