Change logs for freerdp source package in Xenial

  • freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
        - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
          type to avoid integer truncation in libfreerdp/core/update.c. Based on
          upstream patch.
        - CVE-2018-8786
      * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
        - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
          integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
          patch.
        - CVE-2018-8787
      * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
        - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
          possible buffer overflow in libfreerdp/codec/nsc.c and
          libfreerdp/codec/nsc_encode.c. Based on upstream patch.
        - CVE-2018-8788
      * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
        - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
          type when checking offset against stream length in
          winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
        - CVE-2018-8789
    
     -- Alex Murray <email address hidden>  Tue, 11 Dec 2018 16:35:47 +1030
  • freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: integer overflow in license_read_scope_list
        - debian/patches/CVE-2014-0791.patch: check length in
          libfreerdp/core/license.c.
        - CVE-2014-0791
      * SECURITY UPDATE: multiple code execution and DoS issues
        - debian/patches/CVE-2017-283x.patch: fix issues in
          libfreerdp/core/capabilities.c, libfreerdp/core/certificate.*,
          libfreerdp/core/connection.c, libfreerdp/core/gcc.c,
          libfreerdp/core/info.c, libfreerdp/core/license.c,
          libfreerdp/core/mcs.c, libfreerdp/core/nego.c,
          libfreerdp/core/peer.c, libfreerdp/core/rdp.*,
          libfreerdp/core/security.*, libfreerdp/core/surface.c,
          libfreerdp/core/tpkt.*, libfreerdp/core/transport.c.
        - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837,
          CVE-2017-2838, CVE-2017-2839
      * debian/patches/alignment_test_failure.patch: fix FTBFS on armhf because
        of failing alignment test.
    
     -- Marc Deslauriers <email address hidden>  Thu, 03 Aug 2017 11:09:58 -0400
  • freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1) wily; urgency=medium
    
      * Merge with Debian unstable, remaining changes
        - Disable ffmpeg support
        - Disable gstreamer support, this relies on gstreamer 0.10 and we don't
          want to add any more deps on that.
    
     -- Robert Ancell <email address hidden>  Mon, 05 Oct 2015 14:33:15 +1300