Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 058e502a by Sylvain Beucler at 2024-05-03T15:09:09+02:00 CVE-2024-32039,CVE-2024-32040,CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460/freerdp*: reference patches - - - - - 32ef1278 by Sylvain Beucler at 2024-05-03T15:09:11+02:00 Introductory commits for CVE-2024-32659,CVE-2024-32661,CVE-2024-32662/freerdp* + CVE-2024-32662/freerdp2 not-affected - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2438,9 +2438,10 @@ CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order Limit NOT-FOR-US: WordPress plugin CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 - - freerdp2 <unfixed> + - freerdp2 <not-affected> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4 NOTE: https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7 (3.5.1) + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4 (3.0.0-beta1) CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.Th ...) NOT-FOR-US: WordPress plugin CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) @@ -2575,6 +2576,7 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. - freerdp2 <unfixed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1) + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10) CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - freerdp2 <unfixed> 
@@ -2585,6 +2587,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. - freerdp2 <unfixed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1) + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7) CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - freerdp2 <unfixed> 
@@ -2809,26 +2812,38 @@ CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r + NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6) CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6) CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6) CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p + NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6) CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) 
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6) CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable) - freerdp2 <unfixed> (bug #1069728) NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr + NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6) CVE-2024-32493 (An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0 ...) - znuny 6.5.8-1 [bookworm] - znuny <no-dsa> (Non-free not supported) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1975168a6e816c2d0026af9e931d644c067936...32ef12782b97d954059a5970c59677086182c428 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1975168a6e816c2d0026af9e931d644c067936...32ef12782b97d954059a5970c59677086182c428 You're receiving this email because of your account on salsa.debian.org.
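Review bot: In the CVE-2024-32662 hunk, the new `- freerdp2 <not-affected>` line gives no parenthetical reason, while the freerdp3 `<not-affected>` entries elsewhere in this diff state one ("Fixed with initial upload to Debian unstable"). The added "Introduced by" NOTE tags the introducing commit as 3.0.0-beta1, so the rationale could sit on the status line itself, for example `- freerdp2 <not-affected> (Vulnerable code introduced in 3.0.0-beta1)`, which keeps the triage decision readable without following the link. The existing 3.5.1 commit NOTE in the same entry also lacks the "Fixed by:" prefix that the CVE-2024-32661 and CVE-2024-32659 entries use; now that an "Introduced by:" line sits next to it, labelling it would keep the two references distinguishable.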
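Review bot: In the last hunk (@@ -2809,26 +2812,38 @@), the NOTEs added for CVE-2024-32041 and CVE-2024-32039 both point at commit d88ad1acd142769650a6159906ac90f46a766265, whereas the other four CVEs each reference a distinct commit. Please confirm that a single upstream commit fixes both issues and say so in the NOTE, or correct the hash if this is a copy-paste slip. The six added commit NOTEs are also bare URLs with no "Fixed by:" prefix, unlike the 3.5.1 references in the CVE-2024-32661 and CVE-2024-32659 entries; prefixing them with `NOTE: Fixed by:` would make it explicit that these are the 2.11.6 fixes for the freerdp2 entries still marked `<unfixed>` under bug #1069728.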