
freerdp2 (2.6.1+dfsg1-3ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32658.patch: fix offset error in
      libfreerdp/codec/interleaved.c.
    - CVE-2024-32658
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32659.patch: fix out of bound read in
      libfreerdp/codec/color.c.
    - CVE-2024-32659
  * SECURITY UPDATE: crash via invalid huge allocation size
    - debian/patches/CVE-2024-32660.patch: allocate in segment steps in
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32660
  * SECURITY UPDATE: NULL access and crash
    - debian/patches/CVE-2024-32661.patch: fix missing check in
      rdp_write_logon_info_v1 in libfreerdp/core/info.c.
    - CVE-2024-32661

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 25 Apr 2024 07:35:20 -0400

freerdp2 (2.6.1+dfsg1-3ubuntu2.6) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow in freerdp_bitmap_planar_context_reset
    - debian/patches/CVE-2024-22211.patch: check resolution for overflow in
      libfreerdp/codec/planar.c.
    - CVE-2024-22211
  * SECURITY UPDATE: out-of-bounds write and out-of-bounds read
    - debian/patches/CVE-2024-32039_41.patch: reorder check to prevent
      possible integer overflow in libfreerdp/codec/clear.c,
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32039
    - CVE-2024-32041
  * SECURITY UPDATE: integer underflow in NSC codec
    - debian/patches/CVE-2024-32040.patch: abort if there are more bytes to
      be read than there are left in libfreerdp/codec/nsc.c.
    - CVE-2024-32040
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32458.patch: fix missing input length checks
      in libfreerdp/codec/planar.c.
    - CVE-2024-32458
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32459.patch: fix missing input length check
      in libfreerdp/codec/ncrush.c.
    - CVE-2024-32459
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32460.patch: add checks to
      libfreerdp/codec/include/bitmap.c, libfreerdp/codec/interleaved.c.
    - CVE-2024-32460

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 23 Apr 2024 10:58:50 -0400

freerdp2 (2.6.1+dfsg1-3ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: missing input length validation in drive channel
    - debian/patches/CVE-2022-41877.patch: fixed missing stream length
      check in channels/drive/client/drive_main.c.
    - CVE-2022-41877
  * SECURITY UPDATE: OOB write via invalid offset validation
    - debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
      in libfreerdp/gdi/gfx.c.
    - CVE-2023-39352
  * SECURITY UPDATE: OOB read via missing offset validation
    - debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
      rect in libfreerdp/core/orders.c.
    - debian/patches/CVE-2023-39356-2.patch: fix reading order number field
      in libfreerdp/core/orders.c.
    - CVE-2023-39356

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 27 Nov 2023 12:29:39 -0500

freerdp2 (2.6.1+dfsg1-3ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the previous
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/format_string_for_Stream_CheckAndLogRequiredLength.patch:
      backports functionality required by CVE-2023-39354.patch
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

 -- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com>  Thu, 28 Sep 2023 13:55:11 +0200

freerdp2 (2.6.1+dfsg1-3ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: out of bounds read via parallel driver
    - debian/patches/CVE-2022-39282.patch: fix length checks in parallel
      driver in channels/parallel/client/parallel_main.c.
    - CVE-2022-39282
  * SECURITY UPDATE: out of bounds read via video channel
    - debian/patches/CVE-2022-39283.patch: fixed missing length check in
      video channel in channels/video/client/video_main.c.
    - CVE-2022-39283
  * SECURITY UPDATE: out of bounds reads in ZGFX decoder component
    - debian/patches/CVE-2022-39316_7.patch: added missing length checks in
      zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
    - CVE-2022-39316
    - CVE-2022-39317
  * SECURITY UPDATE: missing input validation in urbdrc
    - debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
      in channels/urbdrc/client/libusb/libusb_udevice.c.
    - CVE-2022-39318
  * SECURITY UPDATE: missing input length validation in urbdrc
    - debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
      length check in urbdrc in channels/urbdrc/client/data_transfer.c.
    - debian/patches/CVE-2022-39319-2.patch: added missing length check in
      urb_control_transfer in channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39319
  * SECURITY UPDATE: out of bounds read in usb
    - debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
      uses size_t for calculation in
      channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39320
  * SECURITY UPDATE: missing path canonicalization and base path check
    for drive channel
    - debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
      in winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
      channel in channels/drive/client/drive_file.c,
      channels/drive/client/drive_file.h,
      channels/drive/client/drive_main.c.
    - CVE-2022-39347

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 21 Nov 2022 08:52:19 -0500

freerdp2 (2.6.1+dfsg1-3ubuntu2.2) jammy; urgency=medium

  * Cherry-pick !7836 to fix a crash seen when trying to connect to
    an Ubuntu/GNOME session when the screen is locked LP: #1970994

 -- Jeremy Bicha <jbicha@ubuntu.com>  Wed, 01 Jun 2022 13:51:01 -0400

freerdp2 (2.6.1+dfsg1-3ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: authentication bypass via incorrect SAM file path
    - debian/patches/CVE-2022-24883.patch: clean up ntlm_fetch_ntlm_v2_hash
      in winpr/libwinpr/sspi/NTLM/ntlm_compute.c.
    - CVE-2022-24883

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 06 Jun 2022 08:30:51 -0400

freerdp2 (2.6.1+dfsg1-3ubuntu2) jammy; urgency=medium

  * d/p/1028-Implement-BIO_CTRL_GET_KTLS_SEND.patch:
    - Backport #7822 to fix connecting to windows server over RDP
      (lp: #1971170)

 -- Michael Saxl <saxl@brennercom.net>  Tue, 26 Apr 2022 18:39:10 +0200

freerdp2 (2.6.1+dfsg1-3ubuntu1) jammy; urgency=medium

  * Cherry-pick commits from stable-2.0 branch up to 20220411 2b65b7c
    (LP: #1968577)

 -- Jeremy Bicha <jbicha@ubuntu.com>  Mon, 11 Apr 2022 10:33:33 -0400

freerdp2 (2.6.1+dfsg1-3) unstable; urgency=medium

  * debian/patches:
    + Add 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch.
      Keep DumpThreadHandles as a symbol even if WITH_DEBUG_THREADS is OFF.
  * Revert "debian/libwinpr2-2.symbols: Update symbols."

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 08 Mar 2022 08:25:13 +0100

# For older changelog entries, run 'apt-get changelog libwinpr2-2'

Generated by dwww version 1.14 on Thu Jan 23 03:34:15 CET 2025.