[ubuntu/mantic-proposed] freerdp2 2.10.0+dfsg1-1.1ubuntu1 (Accepted)

Jorge Sancho Larraz jorge.sancho.larraz at canonical.com
Wed Oct 4 14:00:43 UTC 2023


freerdp2 (2.10.0+dfsg1-1.1ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

Date: Wed, 04 Oct 2023 15:07:16 +0200
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.10.0+dfsg1-1.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 04 Oct 2023 15:07:16 +0200
Source: freerdp2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.10.0+dfsg1-1.1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
Original-Maintainer: Debian Remote Maintainers <debian-remote at lists.debian.org>

