-
freerdp2 (2.10.0+dfsg1-1ubuntu0.3) lunar-security; urgency=medium
* SECURITY UPDATE: OOB write via invalid offset validation
- debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
in libfreerdp/gdi/gfx.c.
- CVE-2023-39352
* SECURITY UPDATE: OOB read via missing offset validation
- debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
rect in libfreerdp/core/orders.c.
- debian/patches/CVE-2023-39356-2.patch: fix reading order number field
in libfreerdp/core/orders.c.
- CVE-2023-39356
-- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:28:28 -0500
-
freerdp2 (2.10.0+dfsg1-1ubuntu0.2) lunar-security; urgency=medium
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-39350.patch: validates package length to prevent
possible out of bound read
- CVE-2023-39350
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
fail to prevent null pointer access when processing next package
- CVE-2023-39351
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
possible out of bound read
- debian/patches/CVE-2023-39353-02.patch: fixes issues with the previous
patch
- CVE-2023-39353
* SECURITY UPDATE: missing input validation
- debian/patches/CVE-2023-39354.patch: validates input length to prevent
possible out of bound read
- CVE-2023-39354
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
prevent possible out of bound read
- CVE-2023-40181
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
prevent possible out of bound write
- CVE-2023-40186
* SECURITY UPDATE: missing input validation
- debian/patches/ensure_integer_width.patch: ensures integer width
- debian/patches/CVE-2023-40188.patch: validates input length to prevent
possible out of bound read
- CVE-2023-40188
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-40567.patch: validates offset to prevent
possible out of bound write
- CVE-2023-40567
* SECURITY UPDATE: incorrect parameter calculation
- debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
to prevent possible out of bound write
- CVE-2023-40569
* SECURITY UPDATE: global buffer overflow
- debian/patches/CVE-2023-40589.patch: fixes index checks
- CVE-2023-40589
-- Jorge Sancho Larraz <email address hidden> Thu, 28 Sep 2023 11:42:28 +0200
-
freerdp2 (2.10.0+dfsg1-1) unstable; urgency=medium
* New upstream release.
- Fix android build scripts, use CMake from SDK.
- Fix connection negotiation with mstsc/msrdc.
- [ntlm]: use rfc5929 binding hash algorithm.
- [channels,printer] Fixed reference counting.
- Fix uwac pixman.
- Fix Rdp security.
- [client,x11] Detect key autorepeat.
- [build] add channel path to RPATH.
- Fix build with BUILTIN_CHANNELS=OFF.
- revert changes so that the osmajortype/osminortype is not overwritten.
- [uwac] do not use iso C functions.
- [winpr,sam] fix inalid NULL arguments.
- Fix incompatible function pointer types.
- Ignore data PDUs for DVCs that were not opened successfully.
- [channel,urbdrc] fix type of usb hotplug callback.
- Extended info enforce limits.
- [core] add missing redirection fields.
* debian/control:
+ Bump Standards-Version: to 4.6.2. No changes needed.
* debian/copyright:
+ Update copyright attributions.
+ Update auto-generated copyright.in file.
* debian/libfreerdp2-2.symbols:
+ Update symbols.
-- Mike Gabriel <email address hidden> Sun, 26 Feb 2023 21:59:16 +0100
-
freerdp2 (2.9.0+dfsg1-1build1) lunar; urgency=medium
* Rebuild against latest icu
-- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 10:37:17 -0500
-
freerdp2 (2.9.0+dfsg1-1) unstable; urgency=medium
* New upstream release. (Closes: #1024511).
- CVE-2022-39316: Resolve out of bound read in ZGFX decoder component.
- CVE-2022-39317: Resolve missing a range check for input offset index
in ZGFX decoder.
- CVE-2022-39318: Resolve missing input validation in `urbdrc` channel.
- CVE-2022-39319: Resolve missing input length validation in the `urbdrc`
channel
- CVE-2022-39320: Resolve attempting integer addition on too narrow types
leading to allocation of a buffer too small holding the data written.
- CVE-2022-39347: Resolve missing path canonicalization and base path check
for `drive` channel.
- CVE-2022-41877: Resolv missing input length validation in `drive` channel.
- Test if packages' executables can be run without 'undefined symbol:
winpr_PathMakePath' error. (Closes: #1024758).
* debian/copyright:
+ Update auto-generated copyright.in file.
+ Update copyright attributions.
* debian/*.symbols:
+ Update .symbols files.
-- Mike Gabriel <email address hidden> Mon, 28 Nov 2022 09:51:57 +0100
-
freerdp2 (2.8.1+dfsg1-1ubuntu1) lunar; urgency=medium
* SECURITY UPDATE: out of bounds reads in ZGFX decoder component
- debian/patches/CVE-2022-39316_7.patch: added missing length checks in
zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
- CVE-2022-39316
- CVE-2022-39317
* SECURITY UPDATE: missing input validation in urbdrc
- debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
in channels/urbdrc/client/libusb/libusb_udevice.c.
- CVE-2022-39318
* SECURITY UPDATE: missing input length validation in urbdrc
- debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
length check in urbdrc in channels/urbdrc/client/data_transfer.c.
- debian/patches/CVE-2022-39319-2.patch: added missing length check in
urb_control_transfer in channels/urbdrc/client/data_transfer.c.
- CVE-2022-39319
* SECURITY UPDATE: out of bounds read in usb
- debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
uses size_t for calculation in
channels/urbdrc/client/data_transfer.c.
- CVE-2022-39320
* SECURITY UPDATE: missing path canonicalization and base path check
for drive channel
- debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
in winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
channel in channels/drive/client/drive_file.c,
channels/drive/client/drive_file.h,
channels/drive/client/drive_main.c.
- CVE-2022-39347
-- Marc Deslauriers <email address hidden> Mon, 21 Nov 2022 08:33:23 -0500
-
freerdp2 (2.8.1+dfsg1-1) unstable; urgency=medium
* New upstream release. (Closes: #1021659).
- Fixes CVE-2022-39282, CVE-2022-39283.
* debian/patches:
+ Drop 1001_amend-DumpThreadHandles-inclusion.patch. Resolved upstream.
-- Mike Gabriel <email address hidden> Wed, 12 Oct 2022 23:26:31 +0200
-
freerdp2 (2.8.1+dfsg1-0ubuntu1) kinetic; urgency=medium
* Sync with Debian.
* New upstream bugfix release. (LP: #1992642)
- Includes fixes for CVE-2022-39282 & CVE-2022-39282
* Drop patch: applied in new release
freerdp2 (2.8.0+dfsg1-1) unstable; urgency=medium
* New upstream version. (Closes: #1016491).
* debian/control:
+ Bump Standards-Version: to 4.6.1. No changes needed.
* debian/copyright:
+ Update auto-generated copyright.in file.
+ Update copyright attributions.
* debian/patches:
+ Drop 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch.
Similar solution applied upstream, but only partially, it seems.
+ Add 1001_amend-DumpThreadHandles-inclusion.patch. Amend missing adjustment
in thread.h.
* debian/*.symbols:
+ Update .symbols files for 2.8.0.
-- Jeremy Bicha <email address hidden> Wed, 12 Oct 2022 08:45:55 -0400