Your message dated Mon, 25 Mar 2024 15:49:36 +0000
with message-id <E1romZs-00E8bS-RV@fasolo.debian.org>
and subject line Bug#1061173: fixed in freerdp2 2.11.5+dfsg1-1
has caused the Debian Bug report #1061173,
regarding freerdp2: CVE-2024-22211: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1061173: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061173
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: freerdp2: CVE-2024-22211: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 20 Jan 2024 10:01:12 +0100
- Message-id: <170574127247.719089.16651674708250329574.reportbug@eldamar.lan>
Source: freerdp2
Version: 2.11.2+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for freerdp2.

CVE-2024-22211[0]:
| FreeRDP is a set of free and open source remote desktop protocol
| library and clients. In affected versions an integer overflow in
| `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow.
| This affects FreeRDP based clients. FreeRDP based server
| implementations and proxy are not affected. A malicious server could
| prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers,
| possibly triggering later out of bound read/write. Data extraction
| over network is not possible, the buffers are used to display an
| image. This issue has been addressed in version 2.11.5 and 3.2.0.
| Users are advised to upgrade. There are no known workarounds for this
| vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-22211
    https://www.cve.org/CVERecord?id=CVE-2024-22211
[1] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
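The bug class the advisory above describes, as an added example that is not FreeRDP's own code: a 32-bit width*height product that silently wraps and sizes a heap buffer, beside a checked replacement that fails closed. The struct, the function names and the four-plane layout are assumptions made for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PLANES 4u /* assumption: four colour planes per bitmap */
typedef struct {
    uint32_t width, height, plane_size;
    uint8_t *planes; /* PLANES contiguous planes, plane_size bytes each */
} planar_ctx;

/* Bug class: 32-bit width*height wraps modulo 2^32, so a server-chosen
 * 65536x65536 reset yields size 0 and an undersized heap buffer. */
uint32_t plane_size_unchecked(uint32_t width, uint32_t height)
{
    return width * height; /* silent wrap on overflow */
}

/* Hardened: widen to 64 bits, reject zero or unrepresentable sizes, and
 * check the plane-count multiplication as well, not just width*height. */
bool plane_size_checked(uint32_t width, uint32_t height,
                        uint32_t *plane_bytes, uint32_t *total_bytes)
{
    uint64_t pixels = (uint64_t)width * height; /* cannot wrap in 64 bits */
    if (width == 0 || height == 0 || pixels > UINT32_MAX)
        return false;
    uint64_t total = pixels * PLANES; /* pixels < 2^32, so no 64-bit wrap */
    if (total > UINT32_MAX)
        return false;
    *plane_bytes = (uint32_t)pixels;
    *total_bytes = (uint32_t)total;
    return true;
}

/* Reset that fails closed: the context keeps its old geometry and buffer
 * whenever the requested dimensions do not pass the checks above. */
bool planar_context_reset(planar_ctx *ctx, uint32_t width, uint32_t height)
{
    uint32_t plane_bytes, total_bytes;
    if (!plane_size_checked(width, height, &plane_bytes, &total_bytes))
        return false;
    uint8_t *buf = realloc(ctx->planes, total_bytes);
    if (!buf)
        return false;
    memset(buf, 0, total_bytes);
    ctx->planes = buf;
    ctx->width = width; ctx->height = height;
    ctx->plane_size = plane_bytes;
    return true;
}
```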
--- Begin Message ---
- To: 1061173-close@bugs.debian.org
- Subject: Bug#1061173: fixed in freerdp2 2.11.5+dfsg1-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 25 Mar 2024 15:49:36 +0000
- Message-id: <E1romZs-00E8bS-RV@fasolo.debian.org>
- Reply-to: Mike Gabriel <sunweaver@debian.org>
Source: freerdp2
Source-Version: 2.11.5+dfsg1-1
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
freerdp2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1061173@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated freerdp2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 Mar 2024 16:09:04 +0100
Source: freerdp2
Architecture: source
Version: 2.11.5+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1061173 1061952
Changes:
 freerdp2 (2.11.5+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2024-22211: Fix integer overflow in progressive decoder.
       (Closes: #1061173).
   * Upload time_t64 changes to unstable. (Closes: #1061952).
   * debian/watch:
     + Adjust so we only see 2.x release.
   * debian/control:
     + Switch from pkg-config to pkgconf. Thanks, lintian.
--- End Message ---