Your message dated Wed, 01 May 2024 21:19:22 +0000
with message-id <E1s2HMI-00GCcf-6G@fasolo.debian.org>
and subject line Bug#1069752: fixed in freerdp3 3.5.1+dfsg1-3
has caused the Debian Bug report #1069752,
regarding freerdp3: CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1069752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069752
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: freerdp3: CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 24 Apr 2024 09:25:49 +0200
- Message-id: <171394354989.10791.6111177570847336207.reportbug@eldamar.lan>

Source: freerdp3
Version: 3.5.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for freerdp3.

CVE-2024-32658[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read. Version 3.5.1 contains a patch for the issue. No
| known workarounds are available.

CVE-2024-32659[1]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version
| 3.5.1 contains a patch for the issue. No known workarounds are
| available.

CVE-2024-32660[2]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| Prior to version 3.5.1, a malicious server can crash the FreeRDP
| client by sending invalid huge allocation size. Version 3.5.1
| contains a patch for the issue. No known workarounds are available.

CVE-2024-32661[3]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to a
| possible `NULL` access and crash. Version 3.5.1 contains a patch for
| the issue. No known workarounds are available.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-32658
    https://www.cve.org/CVERecord?id=CVE-2024-32658
[1] https://security-tracker.debian.org/tracker/CVE-2024-32659
    https://www.cve.org/CVERecord?id=CVE-2024-32659
[2] https://security-tracker.debian.org/tracker/CVE-2024-32660
    https://www.cve.org/CVERecord?id=CVE-2024-32660
[3] https://security-tracker.debian.org/tracker/CVE-2024-32661
    https://www.cve.org/CVERecord?id=CVE-2024-32661

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 1069752-close@bugs.debian.org
- Subject: Bug#1069752: fixed in freerdp3 3.5.1+dfsg1-3
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 01 May 2024 21:19:22 +0000
- Message-id: <E1s2HMI-00GCcf-6G@fasolo.debian.org>
- Reply-to: Jeremy Bícha <jbicha@ubuntu.com>

Source: freerdp3
Source-Version: 3.5.1+dfsg1-3
Done: Jeremy Bícha <jbicha@ubuntu.com>

We believe that the bug you reported is fixed in the latest version of
freerdp3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069752@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bícha <jbicha@ubuntu.com> (supplier of updated freerdp3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Wed, 01 May 2024 16:32:21 -0400
Source: freerdp3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.5.1+dfsg1-3
Distribution: unstable
Urgency: high
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Jeremy Bícha <jbicha@ubuntu.com>
Closes: 1069752
Changes:
 freerdp3 (3.5.1+dfsg1-3) unstable; urgency=high
 .
   [ Bernhard Miklautz ]
   * Performance improvements
     - Set -DNDEBUG (automatically set for Release but not for
       RelWithDebInfo)
     - Set -DWITH_VERBOSE_WINPR_ASSERT=OFF
 .
   [ Nathan Pratta Teodosio ]
   * Add autopkgtest
 .
   [ Jeremy Bícha ]
   * debian/*.symbols: Add new symbols
   * Release to unstable
 .
 freerdp3 (3.5.1+dfsg1-2) experimental; urgency=medium
 .
   * Enable proxy support
   * Enable the SDL client
 .
 freerdp3 (3.5.1+dfsg1-1) unstable; urgency=high
 .
   [ Jeremy Bícha ]
   * New upstream release (Closes: #1069752)
     - CVE-2024-32658 [Low] ExtractRunLengthRegular* out of bound read
     - CVE-2024-32659 [Low] freerdp_image_copy out of bound read
     - CVE-2024-32660 [Low] zgfx_decompress out of memory
     - CVE-2024-32661 [Low] rdp_write_logon_info_v1 NULL access
     - CVE-2024-32662 [Low] rdp_redirection_read_base64_wchar out of bound read
   * Fix typo in enabling smartcard emulation
   * Update symbols files
   * Set symbols check level to 4
 .
   [ Bernhard Miklautz ]
   * Update symbol files
   * debian/[control|rules]: enable WEBP, JPEG and PNG support for clipboard
   * debian/copyright[.in]: update copyright files
   * debian/control: update pkg-config binary package name
--- End Message ---