[ubuntu/mantic-proposed] freerdp2 2.10.0+dfsg1-1.1ubuntu1 (Accepted)
Jorge Sancho Larraz
jorge.sancho.larraz at canonical.com
Wed Oct 4 14:00:43 UTC 2023
freerdp2 (2.10.0+dfsg1-1.1ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

Date: Wed, 04 Oct 2023 15:07:16 +0200
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.10.0+dfsg1-1.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 04 Oct 2023 15:07:16 +0200
Source: freerdp2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.10.0+dfsg1-1.1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
Original-Maintainer: Debian Remote Maintainers <debian-remote at lists.debian.org>