[ubuntu/noble-proposed] freerdp2 2.11.2+dfsg1-1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Nov 27 18:09:11 UTC 2023
freerdp2 (2.11.2+dfsg1-1) unstable; urgency=medium

  * New upstream release. (Closes: #1051638).
  * Fixed security issues since v2.11.0:
    - CVE-2023-40589: [codec,ncrush] fix index checks properly verify all
      offsets while decoding data.
    - CVE-2023-40567: Fix out-of-bounds write in the
      `clear_decompress_bands_data` function.
    - CVE-2023-40188: Fix out-of-bounds read in the `general_LumaToYUV444`
      function.
    - CVE-2023-40186: Fix out-of-bounds write in the `gdi_CreateSurface`
      function.
    - CVE-2023-40181: Fix out-of-bounds read in the `zgfx_decompress_segment`
      function.
    - CVE-2023-39356: Fix out-of-bounds read in the `gdi_multi_opaque_rect`
      function.
    - CVE-2023-39355: Fix use-after-free in processing
      `RDPGFX_CMDID_RESETGRAPHICS` packets.
    - CVE-2023-39354: Fix out-of-bounds read in the `nsc_rle_decompress_data`
      function.
    - CVE-2023-39353: Fix missing offset validation leading to out-of-bounds
      read in the `libfreerdp/codec/rfx.c` file.
    - CVE-2023-39352: Fix invalid offset validation leading to out-of-bounds
      write.
    - CVE-2023-39351: Fix null-pointer-dereference leading to a crash in the
      RemoteFX (rfx) handling.
    - CVE-2023-39350: Fix integer underflow leading to DOS (e.g. abort due to
      `WINPR_ASSERT` with default compilation flags).
  * debian/patches:
    + Drop 0001_fix_ftbfs_1041377.patch. Applied upstream.
  * debian/control:
    + Add B-D: libkrb5-dev.
  * debian/rules:
    + Add -DWITH_KERBEROS=ON configure option. (Closes: #1036095).
  * debian/watch:
    + Rework file. Find all released versions of freerdp2. (Closes: #1053317).
      Thanks to Tobias Frost for sending a patch.
Date: 2023-10-02 04:39:28.749211+00:00
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.11.2+dfsg1-1