
Bug#965979: marked as done (freerdp2: CVE-2020-15103)



Your message dated Tue, 25 Aug 2020 08:21:57 +0000
with message-id <E1kAUDN-000HM9-PX@fasolo.debian.org>
and subject line Bug#965979: fixed in freerdp2 2.2.0+dfsg1-1
has caused the Debian Bug report #965979,
regarding freerdp2: CVE-2020-15103
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
965979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965979
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: freerdp2
Version: 2.1.2+dfsg1-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/FreeRDP/FreeRDP/pull/6381
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for freerdp2.

CVE-2020-15103[0]:
| Integer overflow due to missing input sanitation in rdpegfx channel

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15103
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103
[1] https://github.com/FreeRDP/FreeRDP/pull/6381

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freerdp2
Source-Version: 2.2.0+dfsg1-1
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
freerdp2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 965979@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated freerdp2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Aug 2020 09:17:57 +0200
Source: freerdp2
Architecture: source
Version: 2.2.0+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 965979
Changes:
 freerdp2 (2.2.0+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release.
     + CVE-2020-15103: Integer overflow due to missing input sanitation in
       rdpegfx channel. (Closes: #965979).
   * debian/patches:
     + Drop 0001-mask-CACHED_BRUSH-when-checking-brush-style.patch. Applied
       upstream.
   * debian/copyright:
     + Update copyright attributions.
   * debian/libfreerdp2-2.symbols:
     + Update symbols.
   * debian/libfreerdp-server2-2.symbols:
     + Update symbols.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
