[ubuntu/bionic-security] freerdp 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 (Accepted)
Emilia Torino
emilia.torino at canonical.com
Thu Nov 26 18:26:40 UTC 2020
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in update_read_icon_info
    - debian/patches/CVE-2020-11042.patch: check length in
      update_read_icon_info.
    - CVE-2020-11042
  * SECURITY UPDATE: out-of-bound read in update_read_bitmap_data
    - debian/patches/CVE-2020-11045.patch: bounds checks in
      update_read_bitmap_data.
    - CVE-2020-11045
  * SECURITY UPDATE: stream out-of-bounds seek in update_read_synchronize
    - debian/patches/CVE-2020-11046.patch: bounds checks in
      update_read_synchronize.
    - CVE-2020-11046
  * SECURITY UPDATE: out-of-bounds read in rdp_read_flow_control_pdu
    - debian/patches/CVE-2020-11048.patch: boundary checks in
      rdp_read_flow_control_pdu.
    - CVE-2020-11048
  * SECURITY UPDATE: out-of-bounds seek in rdp_read_font_capability_set
    - debian/patches/CVE-2020-11058.patch: bounds check in
      rdp_read_font_capability_set.
    - CVE-2020-11058
  * SECURITY UPDATE: out-of-bounds write in planar codec
    - debian/patches/CVE-2020-11521.patch: bounds check in planar codec.
    - CVE-2020-11521
  * SECURITY UPDATE: out-of-bounds read in gdi.c
    - debian/patches/CVE-2020-11522.patch: limit number of DELTA_RECT to
      45.
    - CVE-2020-11522
  * SECURITY UPDATE: integer overflow in region.c
    - debian/patches/CVE-2020-11523.patch: clamp invalid rectangles to
      size 0.
    - CVE-2020-11523
  * SECURITY UPDATE: out of bounds read in bitmap_cache_new
    - debian/patches/CVE-2020-11525.patch: bounds check in
      bitmap_cache_new.
    - CVE-2020-11525
  * SECURITY UPDATE: out of bounds read in update_recv_orders
    - debian/patches/CVE-2020-11526.patch: bounds check in
      update_recv_orders.
    - CVE-2020-11526
  * SECURITY UPDATE:
    - debian/patches/CVE-2020-13396.patch: added length checks for data
      read from stream. Unified function resource cleanup.
    - CVE-2020-13396
  * SECURITY UPDATE: out-of-bounds read in security_fips_decrypt
    - debian/patches/CVE-2020-13397.patch: fixed GHSL-2020-101 missing
      NULL check.
    - CVE-2020-13397
  * SECURITY UPDATE: out-of-bounds write in crypto_rsa_common
    - debian/patches/CVE-2020-13398.patch: fixed GHSL-2020-102 heap
      overflow.
    - CVE-2020-13398

Date: 2020-11-26 17:15:00.327527+00:00
Changed-By: Emilia Torino <emilia.torino at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2