[ubuntu/lunar-proposed] freerdp2 2.9.0+dfsg1-1 (Accepted)
Sebastien Bacher
seb128 at ubuntu.com
Fri Dec 2 10:47:45 UTC 2022
freerdp2 (2.9.0+dfsg1-1) unstable; urgency=medium
* New upstream release. (Closes: #1024511).
- CVE-2022-39316: Resolve out of bound read in ZGFX decoder component.
- CVE-2022-39317: Resolve missing a range check for input offset index
in ZGFX decoder.
- CVE-2022-39318: Resolve missing input validation in `urbdrc` channel.
- CVE-2022-39319: Resolve missing input length validation in the `urbdrc`
channel
- CVE-2022-39320: Resolve attempting integer addition on too narrow types
leading to allocation of a buffer too small holding the data written.
- CVE-2022-39347: Resolve missing path canonicalization and base path check
for `drive` channel.
- CVE-2022-41877: Resolv missing input length validation in `drive` channel.
- Test if packages' executables can be run without 'undefined symbol:
winpr_PathMakePath' error. (Closes: #1024758).
* debian/copyright:
+ Update auto-generated copyright.in file.
+ Update copyright attributions.
* debian/*.symbols:
+ Update .symbols files.
Date: 2022-11-28 16:30:10.504696+00:00
Signed-By: Sebastien Bacher <seb128 at ubuntu.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.9.0+dfsg1-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list