Your message dated Mon, 29 Apr 2024 19:05:47 +0000
with message-id <E1s1WJv-005dF5-HQ@fasolo.debian.org>
and subject line Bug#1069752: fixed in freerdp3 3.5.1+dfsg1-1
has caused the Debian Bug report #1069752,
regarding freerdp3: CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1069752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069752
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: freerdp3: CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 24 Apr 2024 09:25:49 +0200
- Message-id: <171394354989.10791.6111177570847336207.reportbug@eldamar.lan>
Source: freerdp3
Version: 3.5.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for freerdp3.

CVE-2024-32658[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read. Version 3.5.1 contains a patch for the issue. No
| known workarounds are available.

CVE-2024-32659[1]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version
| 3.5.1 contains a patch for the issue. No known workarounds are
| available.

CVE-2024-32660[2]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| Prior to version 3.5.1, a malicious server can crash the FreeRDP
| client by sending invalid huge allocation size. Version 3.5.1
| contains a patch for the issue. No known workarounds are available.

CVE-2024-32661[3]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to a
| possible `NULL` access and crash. Version 3.5.1 contains a patch for
| the issue. No known workarounds are available.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-32658
    https://www.cve.org/CVERecord?id=CVE-2024-32658
[1] https://security-tracker.debian.org/tracker/CVE-2024-32659
    https://www.cve.org/CVERecord?id=CVE-2024-32659
[2] https://security-tracker.debian.org/tracker/CVE-2024-32660
    https://www.cve.org/CVERecord?id=CVE-2024-32660
[3] https://security-tracker.debian.org/tracker/CVE-2024-32661
    https://www.cve.org/CVERecord?id=CVE-2024-32661

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 1069752-close@bugs.debian.org
- Subject: Bug#1069752: fixed in freerdp3 3.5.1+dfsg1-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 29 Apr 2024 19:05:47 +0000
- Message-id: <E1s1WJv-005dF5-HQ@fasolo.debian.org>
- Reply-to: Jeremy Bícha <jbicha@ubuntu.com>
Source: freerdp3
Source-Version: 3.5.1+dfsg1-1
Done: Jeremy Bícha <jbicha@ubuntu.com>

We believe that the bug you reported is fixed in the latest version of
freerdp3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069752@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bícha <jbicha@ubuntu.com> (supplier of updated freerdp3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Mon, 29 Apr 2024 14:50:09 -0400
Source: freerdp3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.5.1+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Jeremy Bícha <jbicha@ubuntu.com>
Closes: 1069752
Changes:
 freerdp3 (3.5.1+dfsg1-1) unstable; urgency=high
 .
   [ Jeremy Bícha ]
   * New upstream release (Closes: #1069752)
     - CVE-2024-32658
     - CVE-2024-32659
     - CVE-2024-32660
     - CVE-2024-32661
     - CVE-2024-32662
   * Fix typo in enabling smartcard emulation
   * Update symbols files
   * Set symbols check level to 4
 .
   [ Bernhard Miklautz ]
   * Update symbol files
   * debian/[control|rules]: enable WEBP, JPEG and PNG support for clipboard
   * debian/copyright[.in]: update copyright files
   * debian/control: update pkg-config binary package name
--- End Message ---