-
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2020-*.patch: backported commits to fix a
      multitude of security issues.
    - CVE-2020-11042, CVE-2020-11045, CVE-2020-11046, CVE-2020-11048,
      CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522,
      CVE-2020-11523, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396,
      CVE-2020-13397, CVE-2020-13398

 -- Marc Deslauriers <email address hidden> Wed, 03 Jun 2020 09:03:25 -0400
-
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based on
      upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
      type when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

 -- Alex Murray <email address hidden> Tue, 11 Dec 2018 16:35:47 +1030
-
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in license_read_scope_list
    - debian/patches/CVE-2014-0791.patch: check length in
      libfreerdp/core/license.c.
    - CVE-2014-0791
  * SECURITY UPDATE: multiple code execution and DoS issues
    - debian/patches/CVE-2017-283x.patch: fix issues in
      libfreerdp/core/capabilities.c, libfreerdp/core/certificate.*,
      libfreerdp/core/connection.c, libfreerdp/core/gcc.c,
      libfreerdp/core/info.c, libfreerdp/core/license.c,
      libfreerdp/core/mcs.c, libfreerdp/core/nego.c,
      libfreerdp/core/peer.c, libfreerdp/core/rdp.*,
      libfreerdp/core/security.*, libfreerdp/core/surface.c,
      libfreerdp/core/tpkt.*, libfreerdp/core/transport.c.
    - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837,
      CVE-2017-2838, CVE-2017-2839
  * debian/patches/alignment_test_failure.patch: fix FTBFS on armhf because
    of failing alignment test.

 -- Marc Deslauriers <email address hidden> Thu, 03 Aug 2017 11:09:58 -0400
-
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1) wily; urgency=medium

  * Merge with Debian unstable, remaining changes
    - Disable ffmpeg support
    - Disable gstreamer support, this relies on gstreamer 0.10 and we don't
      want to add any more deps on that.

 -- Robert Ancell <email address hidden> Mon, 05 Oct 2015 14:33:15 +1300