author Mike Gabriel <mike.gabriel@das-netzwerkteam.de> 2020-08-30 01:38:46 +0200
committer Mike Gabriel <mike.gabriel@das-netzwerkteam.de> 2020-08-30 01:38:46 +0200
commit c03d50d7f1a00bee1de193affe69b11670a15792
tree 6bfeddc992f2add99ee70f2a9206b01003ca3c5c /data
parent cbf4146031f22a16683b5d42c2eb8eeb1d490bd1
Reserve DLA-2356-1 for freerdp
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2014.list 2
-rw-r--r-- data/CVE/2020.list 13
-rw-r--r-- data/DLA/list 3
-rw-r--r-- data/dla-needed.txt 3
4 files changed, 4 insertions, 17 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 9119efc646..094b95d3fb 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -24643,7 +24643,7 @@ CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers t
CVE-2014-0790
RESERVED
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
- - freerdp <unfixed> (unimportant)
+ - freerdp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
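Review bot: Dropping `(unimportant)` from the CVE-2014-0791 line leaves the final NOTE of this entry as the only recorded rationale, and that NOTE argues the opposite: that a malicious license has simpler ways to DoS an RDP client. Add a NOTE stating why the issue is now treated as worth fixing in DLA-2356-1, or reword the existing one. The entry also keeps `- freerdp <unfixed>`, while every freerdp entry touched in data/CVE/2020.list reads `- freerdp <removed>`; please check which state is correct for this source package.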
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 4d22d20596..b1116dde1c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -24517,19 +24517,16 @@ CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bound
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
CVE-2020-13395
RESERVED
@@ -29155,7 +29152,6 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 2.
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
@@ -29163,7 +29159,6 @@ CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions &gt; 1.0 through 2
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 through 2. ...)
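Review bot: CVE-2020-11524, the last context line of this hunk, is missing from the CVE set of DLA-2356-1 in data/DLA/list, although its neighbours CVE-2020-11523 and CVE-2020-11525 are both included and lose their `[stretch] - freerdp <no-dsa>` lines here. Its entry is not part of this diff, so please confirm it already records the stretch status of freerdp (for example `<not-affected>` with a NOTE giving the reason); otherwise it still needs triage or belongs in the DLA set.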
@@ -29177,21 +29172,18 @@ CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions &gt; 1.0 through 2.0
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has an Out- ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 2.0.0-rc ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
@@ -30246,7 +30238,6 @@ CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds se
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
@@ -30281,7 +30272,6 @@ CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
@@ -30297,7 +30287,6 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
@@ -30305,7 +30294,6 @@ CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
@@ -30326,7 +30314,6 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
diff --git a/data/DLA/list b/data/DLA/list
index d0f52c64c9..97b204a4a4 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[30 Aug 2020] DLA-2356-1 freerdp - security update
+ {CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398}
+ [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
[29 Aug 2020] DLA-2355-1 bind9 - security update
{CVE-2020-8622 CVE-2020-8623}
[stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u7
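Review bot: The commit subject only says the DLA is being reserved, but the entry added at the top of this hunk already carries the fixed version `1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4`, and the same commit removes 13 `[stretch] - freerdp <no-dsa>` triage decisions and the freerdp claim in data/dla-needed.txt. Mention that in the commit message so the triage change can be found from the log. The 14 ids in the CVE set do match those 13 removals plus CVE-2014-0791.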
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index dde692fe45..a5af6b6472 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -72,9 +72,6 @@ firefox-esr (Emilio)
--
fossil (Mike Gabriel)
--
-freerdp (Mike Gabriel)
- NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
---
gnome-shell (Mike Gabriel)
NOTE: 20200829: https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver)
--
