author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2020-08-30 01:38:46 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2020-08-30 01:38:46 +0200 |
commit | c03d50d7f1a00bee1de193affe69b11670a15792 (patch) | |
tree | 6bfeddc992f2add99ee70f2a9206b01003ca3c5c /data | |
parent | cbf4146031f22a16683b5d42c2eb8eeb1d490bd1 (diff) |
Reserve DLA-2356-1 for freerdp
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2014.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 13 |
-rw-r--r-- | data/DLA/list | 3 |
-rw-r--r-- | data/dla-needed.txt | 3 |
4 files changed, 4 insertions, 17 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 9119efc646..094b95d3fb 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -24643,7 +24643,7 @@ CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers t CVE-2014-0790 RESERVED CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...) - - freerdp <unfixed> (unimportant) + - freerdp <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941 NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45 NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc. diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 4d22d20596..b1116dde1c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -24517,19 +24517,16 @@ CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bound - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc CVE-2020-13395 RESERVED 
@@ -29155,7 +29152,6 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2. - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 @@ -29163,7 +29159,6 @@ CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2 - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...) 
@@ -29177,21 +29172,18 @@ CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0 - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) @@ -30246,7 +30238,6 @@ CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds se - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011 
@@ -30281,7 +30272,6 @@ CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007 @@ -30297,7 +30287,6 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of- - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 @@ -30305,7 +30294,6 @@ CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005 @@ -30326,7 +30314,6 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> - [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010 diff --git a/data/DLA/list b/data/DLA/list index d0f52c64c9..97b204a4a4 100644 --- a/data/DLA/list 
+++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Aug 2020] DLA-2356-1 freerdp - security update + {CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398} + [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 [29 Aug 2020] DLA-2355-1 bind9 - security update {CVE-2020-8622 CVE-2020-8623} [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u7 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index dde692fe45..a5af6b6472 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -72,9 +72,6 @@ firefox-esr (Emilio) -- fossil (Mike Gabriel) -- -freerdp (Mike Gabriel) - NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby) --- gnome-shell (Mike Gabriel) NOTE: 20200829: https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver) -- |
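Review bot: in data/CVE/2014.list, the CVE-2014-0791 entry loses its `(unimportant)` tag but keeps the NOTE saying a malicious license has simpler means to DoS an RDP client, which reads as the rationale for the tag that was just dropped. Reword or remove that NOTE, or add one stating why the issue is now treated as worth fixing, since it is listed in the DLA-2356-1 CVE set. The commit message mentions only the DLA reservation, so the severity change is otherwise unrecorded.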
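Review bot: in data/CVE/2020.list, CVE-2020-11524 appears as context between CVE-2020-11525 and CVE-2020-11523, but it is not in the DLA-2356-1 CVE set and this commit does not change its entry. Its neighbours CVE-2020-11521 through CVE-2020-11526 all had their `[stretch] - freerdp <no-dsa> (Minor issue)` line removed here, so please confirm that the stretch status of CVE-2020-11524 is intentionally different and, if it is not already recorded in that entry, add a NOTE saying why. The thirteen removed `[stretch]` lines otherwise match the thirteen CVE-2020 ids in the new data/DLA/list entry.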