Univention Bugzilla – Bug 48775
freerdp: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:15 CET
New Debian freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 fixes:

This update addresses the following issues:

* 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 (Thu, 10 Jan 2019 16:07:19 +0100)
* debian/patches: Add security patches.
  - CVE-2018-8786.patch: The count variable in update_read_bitmap() needs to be UINT32 (not UINT16).
  - CVE-2018-8787.patch: In gdi_Bitmap_Decompress, check for invalid bpp, width and height before decompressing.
    CVE-2018-8788.patch: In NSC encode/decode functions, catch data flawed in various ways and bail out with failure.
    CVE-2018-8789.patch: In ntlm_read_message_fields_buffer, check buffer offset vs. Stream_Length and bail out if not appropriate.
  - Thanks to Alex Murray for backporting them to FreeRDP 1.1.
* debian/patches:
  + Add 0010_add-support-for-credssp-v3-and-rdpproto-v6.patch. Add CredSSP v3 and RDP proto v6 support. This allows users to connect to recently (since March 2018) updated Microsoft RDP servers again. Thanks to Bernhard Miklautz and Martin Fleisz for helping out with backporting this patch. Much appreciated!
* debian/control:
  + Update Vcs-*: URLs.
* debian/lib{freerdp-core1.1,winpr-sspi0.1}.symbols: Update symbols.
--- mirror/ftp/4.3/unmaintained/4.3-0/source/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3.dsc @@ -1,3 +1,25 @@ +1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 [Thu, 10 Jan 2019 16:07:19 +0100] Mike Gabriel <sunweaver@debian.org>: + + * debian/patches: Add security patches. + - CVE-2018-8786.patch: The count variable in update_read_bitmap() needs to + be UINT32 (not UINT16). + - CVE-2018-8787.patch: In gdi_Bitmap_Decompress, check for invalid bpp, + width and height before decompressing. + CVE-2018-8788.patch: In NSC encode/decode functions, catch data flawed in + various ways and bail out with failure. + CVE-2018-8789.patch: In ntlm_read_message_fields_buffer, check buffer + offset vs. Stream_Length and bail out if not appropriate. + - Thanks to Alex Murray for backporting them to FreeRDP 1.1. + * debian/patches: + + Add 0010_add-support-for-credssp-v3-and-rdpproto-v6.patch. Add CredSSP v3 + and RDP proto v6 support. This allows users to connect to recently + (since March 2018) updated Microsoft RDP servers again. + Thanks to Bernhard Miklautz and Martin Fleisz for helping out with + backporting this patch. Much appreciated! + * debian/control: + + Update Vcs-*: URLs. + * debian/lib{freerdp-core1.1,winpr-sspi0.1}.symbols: Update symbols. + 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2 [Sat, 12 Aug 2017 15:26:43 -0400] Mike Gabriel <sunweaver@debian.org>: [ Bernhard Miklautz ] <http://10.200.17.11/4.3-3/#2868217023980113244>
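Review bot: In the added +deb9u3 changelog entry, the CVE-2018-8788.patch and CVE-2018-8789.patch lines have no leading "- ", unlike the CVE-2018-8786.patch and CVE-2018-8787.patch items, so they read as a continuation of the CVE-2018-8787 item instead of as separate fixes. Prefix both with "- " so that each of the four security patches is its own list entry, and check that the errata text generated from this changelog lists all four CVE identifiers. The entry also records a functional backport (0010_add-support-for-credssp-v3-and-rdpproto-v6.patch) and a symbols update alongside the security patches, so the update changes more than the four CVE fixes and the erratum should say so.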
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 9c9b297065 Bug #48775: freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 doc/errata/staging/freerdp.yaml | 39 +++++++--------------------------------
 1 file changed, 7 insertions(+), 32 deletions(-)

[4.3-3] 0866115bd2 Bug #48775: freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
 doc/errata/staging/freerdp.yaml | 46 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
<http://errata.software-univention.de/ucs/4.3/435.html>