-
freerdp2 (2.11.5+dfsg1-1build2) noble; urgency=medium
  * No-change rebuild against libssl3t64.
 -- Colin Watson <email address hidden> Mon, 15 Apr 2024 19:28:29 +0100
-
freerdp2 (2.11.5+dfsg1-1build1) noble; urgency=medium
  * No-change rebuild for CVE-2024-3094
 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 05:22:54 +0000
-
freerdp2 (2.11.5+dfsg1-1) unstable; urgency=medium
  * New upstream release.
    - CVE-2024-22211: Fix integer overflow in progressive decoder. (Closes:
      #1061173).
  * Upload time_t64 changes to unstable. (Closes: #1061952).
  * debian/watch:
    + Adjust so we only see 2.x release.
  * debian/control:
    + Switch from pkg-config to pkgconf. Thanks, lintian.
 -- Mike Gabriel <email address hidden> Mon, 25 Mar 2024 16:09:04 +0100
-
freerdp2 (2.11.2+dfsg1-1build3) noble; urgency=medium
  * No-change rebuild against libcups2t64.
 -- Michael Hudson-Doyle <email address hidden> Wed, 20 Mar 2024 13:47:50 +1300
-
freerdp2 (2.11.2+dfsg1-1build2) noble; urgency=medium
  * No-change rebuild against libssl3t64
 -- Steve Langasek <email address hidden> Mon, 04 Mar 2024 17:56:08 +0000
-
freerdp2 (2.11.2+dfsg1-1build1) noble; urgency=medium
  * No-change rebuild for ICU soname change.
 -- Matthias Klose <email address hidden> Tue, 19 Dec 2023 11:06:12 +0100
-
freerdp2 (2.11.2+dfsg1-1) unstable; urgency=medium
  * New upstream release. (Closes: #1051638).
  * Fixed security issues since v2.11.0:
    - CVE-2023-40589: [codec,ncrush] fix index checks; properly verify all
      offsets while decoding data.
    - CVE-2023-40567: Fix out-of-bounds write in the
      `clear_decompress_bands_data` function.
    - CVE-2023-40188: Fix out-of-bounds read in the `general_LumaToYUV444`
      function.
    - CVE-2023-40186: Fix out-of-bounds write in the `gdi_CreateSurface`
      function.
    - CVE-2023-40181: Fix out-of-bounds read in the `zgfx_decompress_segment`
      function.
    - CVE-2023-39356: Fix out-of-bounds read in the `gdi_multi_opaque_rect`
      function.
    - CVE-2023-39355: Fix use-after-free in processing
      `RDPGFX_CMDID_RESETGRAPHICS` packets.
    - CVE-2023-39354: Fix out-of-bounds read in the `nsc_rle_decompress_data`
      function.
    - CVE-2023-39353: Fix missing offset validation leading to out-of-bounds
      read in the `libfreerdp/codec/rfx.c` file.
    - CVE-2023-39352: Fix invalid offset validation leading to out-of-bounds
      write.
    - CVE-2023-39351: Fix null-pointer-dereference leading to a crash in the
      RemoteFX (rfx) handling.
    - CVE-2023-39350: Fix integer underflow leading to DOS (e.g. abort due to
      `WINPR_ASSERT` with default compilation flags).
  * debian/patches:
    + Drop 0001_fix_ftbfs_1041377.patch. Applied upstream.
  * debian/control:
    + Add B-D: libkrb5-dev.
  * debian/rules:
    + Add -DWITH_KERBEROS=ON configure option. (Closes: #1036095).
  * debian/watch:
    + Rework file. Find all released versions of freerdp2. (Closes: #1053317).
      Thanks to Tobias Frost for sending a patch.
 -- Mike Gabriel <email address hidden> Sun, 01 Oct 2023 23:21:15 +0200
-
freerdp2 (2.10.0+dfsg1-1.1ubuntu1) mantic; urgency=medium
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589
 -- Jorge Sancho Larraz <email address hidden> Wed, 04 Oct 2023 15:07:16 +0200