Change log for freerdp package in Ubuntu
1 → 37 of 37 results | First • Previous • Next • Last |
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2) bionic-security; urgency=medium * SECURITY UPDATE: out-of-bounds read in update_read_icon_info - debian/patches/CVE-2020-11042.patch: check length in update_read_icon_info. - CVE-2020-11042 * SECURITY UPDATE: out-of-bound read in update_read_bitmap_data - debian/patches/CVE-2020-11045.patch: bounds checks in update_read_bitmap_data. - CVE-2020-11045 * SECURITY UPDATE: stream out-of-bounds seek in update_read_synchronize - debian/patches/CVE-2020-11046.patch: bounds checks in update_read_synchronize. - CVE-2020-11046 * SECURITY UPDATE: out-of-bounds read in rdp_read_flow_control_pdu - debian/patches/CVE-2020-11048.patch: boundary checks in rdp_read_flow_control_pdu. - CVE-2020-11048 * SECURITY UPDATE: out-of-bounds seek in rdp_read_font_capability_set - debian/patches/CVE-2020-11058.patch: bounds check in rdp_read_font_capability_set. - CVE-2020-11058 * SECURITY UPDATE: out-of-bounds write in planar codec - debian/patches/CVE-2020-11521.patch: bounds check in planar codec. - CVE-2020-11521 * SECURITY UPDATE: ut-of-bounds read in gdi.c - debian/patches/CVE-2020-11522.patch: limit number of DELTA_RECT to 45. - CVE-2020-11522 * SECURITY UPDATE: integer overflow in region.c - debian/patches/CVE-2020-11523.patch: clamp invalid rectangles to size 0. - CVE-2020-11523 * SECURITY UPDATE: out of bounds read in bitmap_cache_new - debian/patches/CVE-2020-11525.patch: bounds check in bitmap_cache_new. - CVE-2020-11525 * SECURITY UPDATE: out of bounds read in update_recv_orders - debian/patches/CVE-2020-11526.patch: bounds check in update_recv_orders. - CVE-2020-11526 * SECURITY UPDATE: - debian/patches/CVE-2020-13396.patch: added length checks for data read from stream. Unified function resource cleanup. - CVE-2020-13396 * SECURITY UPDATE: out-of-bounds read in security_fips_decrypt - debian/patches/CVE-2020-13397.patch: fixed GHSL-2020-101 missing NULL check. - CVE-2020-13397 * SECURITY UPDATE: out-of-bounds write in crypto_rsa_common - debian/patches/CVE-2020-13398.patch: fixed GHSL-2020-102 heap overflow. - CVE-2020-13398 -- Emilia Torino <email address hidden> Thu, 29 Oct 2020 16:29:56 -0300
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2020-*.patch: backported commits to fix a multitude of security issues. - CVE-2020-11042, CVE-2020-11045, CVE-2020-11046, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020-13398 -- Marc Deslauriers <email address hidden> Wed, 03 Jun 2020 09:03:25 -0400
Available diffs
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1) cosmic-security; urgency=medium * SECURITY UPDATE: Integer truncation in update_read_bitmap_update - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer type to avoid integer truncation in libfreerdp/core/update.c. Based on upstream patch. - CVE-2018-8786 * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress - debian/patches/CVE-2018-8787.patch: Check for and avoid possible integer overflow in libfreerdp/gdi/graphics.c. Based on upstream patch. - CVE-2018-8787 * SECURITY UPDATE: Buffer overflow in nsc_rle_decode - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid possible buffer overflow in libfreerdp/codec/nsc.c and libfreerdp/codec/nsc_encode.c. Based on upstream patch. - CVE-2018-8788 * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer type when checking offset against stream length in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch. - CVE-2018-8789 -- Eduardo Barretto <email address hidden> Mon, 27 May 2019 14:17:26 -0300
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: Integer truncation in update_read_bitmap_update - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer type to avoid integer truncation in libfreerdp/core/update.c. Based on upstream patch. - CVE-2018-8786 * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress - debian/patches/CVE-2018-8787.patch: Check for and avoid possible integer overflow in libfreerdp/gdi/graphics.c. Based on upstream patch. - CVE-2018-8787 * SECURITY UPDATE: Buffer overflow in nsc_rle_decode - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid possible buffer overflow in libfreerdp/codec/nsc.c and libfreerdp/codec/nsc_encode.c. Based on upstream patch. - CVE-2018-8788 * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer type when checking offset against stream length in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch. - CVE-2018-8789 -- Eduardo Barretto <email address hidden> Mon, 27 May 2019 14:14:40 -0300
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3) xenial-security; urgency=medium * SECURITY UPDATE: Integer truncation in update_read_bitmap_update - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer type to avoid integer truncation in libfreerdp/core/update.c. Based on upstream patch. - CVE-2018-8786 * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress - debian/patches/CVE-2018-8787.patch: Check for and avoid possible integer overflow in libfreerdp/gdi/graphics.c. Based on upstream patch. - CVE-2018-8787 * SECURITY UPDATE: Buffer overflow in nsc_rle_decode - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid possible buffer overflow in libfreerdp/codec/nsc.c and libfreerdp/codec/nsc_encode.c. Based on upstream patch. - CVE-2018-8788 * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer type when checking offset against stream length in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch. - CVE-2018-8789 -- Alex Murray <email address hidden> Tue, 11 Dec 2018 16:35:47 +1030
Available diffs
freerdp (1.0.2-2ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: Integer truncation in update_read_bitmap_update - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer type to avoid integer truncation in libfreerdp-core/update.c. Based on upstream patch. - CVE-2018-8786 * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress - debian/patches/CVE-2018-8787.patch: Check for and avoid possible integer overflow in libfreerdp-gdi/graphics.c. Based on upstream patch. - CVE-2018-8787 -- Alex Murray <email address hidden> Tue, 11 Dec 2018 16:36:47 +1030
Available diffs
Deleted in disco-release (Reason: (From Debian) ROM; Old version, transition to freerdp2 in...) |
Obsolete in cosmic-release |
Published in bionic-release |
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1) artful; urgency=medium * Merge with Debian. Remaining change: - Disable ffmpeg support (it's in universe) - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. (CVE-2014-0791)
Available diffs
freerdp (1.1.0~git20140921.1.440916e+dfsg1-10ubuntu2) artful; urgency=medium * SECURITY UPDATE: integer overflow in license_read_scope_list - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. - CVE-2014-0791 * SECURITY UPDATE: multiple code execution and DoS issues - debian/patches/CVE-2017-283x.patch: fix issues in libfreerdp/core/capabilities.c, libfreerdp/core/certificate.*, libfreerdp/core/connection.c, libfreerdp/core/gcc.c, libfreerdp/core/info.c, libfreerdp/core/license.c, libfreerdp/core/mcs.c, libfreerdp/core/nego.c, libfreerdp/core/peer.c, libfreerdp/core/rdp.*, libfreerdp/core/security.*, libfreerdp/core/surface.c, libfreerdp/core/tpkt.*, libfreerdp/core/transport.c. - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839 -- Marc Deslauriers <email address hidden> Wed, 02 Aug 2017 15:00:27 -0400
Available diffs
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: integer overflow in license_read_scope_list - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. - CVE-2014-0791 * SECURITY UPDATE: multiple code execution and DoS issues - debian/patches/CVE-2017-283x.patch: fix issues in libfreerdp/core/capabilities.c, libfreerdp/core/certificate.*, libfreerdp/core/connection.c, libfreerdp/core/gcc.c, libfreerdp/core/info.c, libfreerdp/core/license.c, libfreerdp/core/mcs.c, libfreerdp/core/nego.c, libfreerdp/core/peer.c, libfreerdp/core/rdp.*, libfreerdp/core/security.*, libfreerdp/core/surface.c, libfreerdp/core/tpkt.*, libfreerdp/core/transport.c. - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839 * debian/patches/alignment_test_failure.patch: fix FTBFS on armhf because of failing alignment test. -- Marc Deslauriers <email address hidden> Thu, 03 Aug 2017 11:09:58 -0400
Available diffs
freerdp (1.0.2-2ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: integer overflow in xf_Pointer_New - debian/patches/CVE-2014-0250.patch: check width and height in libfreerdp-core/fastpath.c, libfreerdp-core/rdp.*, libfreerdp-core/update.*. - CVE-2014-0250 * SECURITY UPDATE: integer overflow in license_read_scope_list - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.*. - CVE-2014-0791 * SECURITY UPDATE: out-of-bounds write in rdp_recv_tpkt_pdu - debian/patches/CVE-2017-2835.patch: properly check length in libfreerdp-core/info.c, libfreerdp-core/license.c, libfreerdp-core/peer.c, libfreerdp-core/rdp.*, libfreerdp-core/capabilities.c, libfreerdp-core/connection.c. - CVE-2017-2835 * SECURITY UPDATE: rdp client read server proprietary certificate DoS - debian/patches/CVE-2017-2836.patch: check keylen in libfreerdp-core/certificate.c. - CVE-2017-2836 * SECURITY UPDATE: rdp client gcc read server security data DoS - debian/patches/CVE-2017-2837.patch: check lengths in libfreerdp-core/gcc.c. - CVE-2017-2837 * SECURITY UPDATE: rdp client license read product info DoS - debian/patches/CVE-2017-2838.patch: check lengths in libfreerdp-core/license.*. - CVE-2017-2838 * SECURITY UPDATE: rdp client license read challenge packet DoS - debian/patches/CVE-2017-2839.patch: add checks to libfreerdp-core/license.*. - CVE-2017-2839 -- Marc Deslauriers <email address hidden> Thu, 03 Aug 2017 07:55:30 -0400
Available diffs
freerdp (1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1) zesty-security; urgency=medium * SECURITY UPDATE: integer overflow in license_read_scope_list - debian/patches/CVE-2014-0791.patch: check length in libfreerdp/core/license.c. - CVE-2014-0791 * SECURITY UPDATE: multiple code execution and DoS issues - debian/patches/CVE-2017-283x.patch: fix issues in libfreerdp/core/capabilities.c, libfreerdp/core/certificate.*, libfreerdp/core/connection.c, libfreerdp/core/gcc.c, libfreerdp/core/info.c, libfreerdp/core/license.c, libfreerdp/core/mcs.c, libfreerdp/core/nego.c, libfreerdp/core/peer.c, libfreerdp/core/rdp.*, libfreerdp/core/security.*, libfreerdp/core/surface.c, libfreerdp/core/tpkt.*, libfreerdp/core/transport.c. - CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839 -- Marc Deslauriers <email address hidden> Wed, 02 Aug 2017 15:00:27 -0400
Superseded in artful-release |
Obsolete in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
freerdp (1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1) yakkety; urgency=medium * Merge with Debian (LP: #1602480). Remaining change: - Disable ffmpeg support (it's in universe)
Available diffs
Superseded in yakkety-release |
Published in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
freerdp (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1) wily; urgency=medium * Merge with Debian unstable, remaining changes - Disable ffmpeg support - Disable gstreamer support, this relies on gstreamer 0.10 and we don't want to add any more deps on that. -- Robert Ancell <email address hidden> Mon, 05 Oct 2015 14:33:15 +1300
Available diffs
freerdp (1.1.0~git20140921.1.440916e+dfsg1-4ubuntu1) wily; urgency=low * Merge with Debian unstable, remaining changes - Disable ffmpeg support - Disable gstreamer support, this relies on gstreamer 0.10 and we don't want to add any more deps on that.
Available diffs
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
freerdp (1.1.0~git20140921.1.440916e+dfsg1-2ubuntu1) vivid; urgency=medium * Merge with Debian unstable, remaining changes - Disable ffmpeg support * Disable gstreamer support, this relies on gstreamer 0.10 and we don't want to add any more deps on that.
Available diffs
Superseded in vivid-release |
Obsolete in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
freerdp (1.0.2-2ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/{control,rules}: Drop avcodec/ffmpeg support
Available diffs
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
freerdp (1.0.2-1ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - debian/{control,rules}: Drop avcodec/ffmpeg support * debian/patches/remote-control.diff, debian/patches/cherry-48ad5feb0a6ad831d863f89ed74b443021e54303.patch, debian/patches/backport-from-stdin.patch, debian/patches/allow-null-domain.patch: - Dropped, included upstream
Available diffs
- diff from 1.0.1-2ubuntu1 to 1.0.2-1ubuntu1 (27.6 KiB)
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
freerdp (1.0.1-2ubuntu1) raring; urgency=low * Merge from Debian unstable. Remaining changes: - debian/control, debian/rules: Drop avcodec/ffmpeg support - debian/patches/remote-control.diff: Fix crash in Remote Control - debian/patches/cherry-48ad5feb0a6ad831d863f89ed74b443021e54303.patch: Fix freerdp extension handling problem. - debian/patches/backport-from-stdin.patch: Add --from-stdin - debian/patches/allow-null-domain.patch: Allow null domains from stdin * debian/patches/cherry-pick-8293c5b4cb072038fe2bdc15207ee6de4e291879: - Dropped, included in Debian
Available diffs
- diff from 1.0.1-1ubuntu7 to 1.0.1-2ubuntu1 (11.0 KiB)
freerdp (1.0.1-1ubuntu2.2) precise-proposed; urgency=low * Cherry pick upstream bugfix for crash when $HOME is unset. (LP: #1011790) -- Stephane Graber <email address hidden> Sun, 11 Nov 2012 18:39:50 -0500
Available diffs
- diff from 1.0.1-1ubuntu2.1 to 1.0.1-1ubuntu2.2 (903 bytes)
freerdp (1.0.1-1ubuntu7) quantal; urgency=low * debian/patches/allow-null-domain.patch: - When passing in arguments over stdin, allow user to not specify a domain with either an empty string or just a period. LP: #1047144 -- Michael Terry <email address hidden> Fri, 07 Sep 2012 12:36:39 -0400
Available diffs
Superseded in quantal-release |
freerdp (1.0.1-1ubuntu6) quantal; urgency=low * debian/patches/backport-from-stdin.patch: - Backport support for --from-stdin, which allows a caller to specify username, password, etc without having them exposed on the command line. * debian/libfreerdp1.symbols: - Update due to above patch -- Michael Terry <email address hidden> Tue, 14 Aug 2012 12:43:55 -0400
Available diffs
Superseded in quantal-release |
freerdp (1.0.1-1ubuntu5) quantal; urgency=low * Add debian/patches/cherry-48ad5feb0a6ad831d863f89ed74b443021e54303.patch: Fix freerdp extension handling problem. (LP: 1015897) -- Ying-Chun Liu (PaulLiu) <email address hidden> Thu, 21 Jun 2012 13:34:16 +0800
Available diffs
Superseded in quantal-release |
freerdp (1.0.1-1ubuntu4) quantal; urgency=low * Cherry pick upstream bugfix for crash when $HOME is unset. (LP: #1011790) -- Stephane Graber <email address hidden> Wed, 13 Jun 2012 19:08:57 -0400
Available diffs
- diff from 1.0.1-1ubuntu3 to 1.0.1-1ubuntu4 (894 bytes)
freerdp (1.0.1-1ubuntu2.1) precise-proposed; urgency=low * debian/patches/remote_control.diff: Cherry pick patch from upstream. This fixes crash in 'Remote Control'. (LP: #1000356) -- Jean-Louis Dupond <email address hidden> Thu, 24 May 2012 13:52:13 +0200
Available diffs
- diff from 1.0.1-1ubuntu2 to 1.0.1-1ubuntu2.1 (867 bytes)
Superseded in quantal-release |
freerdp (1.0.1-1ubuntu3) quantal; urgency=low [ Jean-Louis Dupond ] * debian/patches/remote_control.diff: Cherry pick patch from upstream. This fixes crash in 'Remote Control'. (LP: #1000356) [ Michael Terry ] * debian/*.install: Update for multiarch locations -- Michael Terry <email address hidden> Thu, 24 May 2012 14:25:00 -0400
Available diffs
freerdp (1.0.1-1ubuntu2) precise; urgency=low * debian/rules: Drop -Skde, autodetection will work fine. -- Martin Pitt <email address hidden> Tue, 14 Feb 2012 14:34:18 +0100
Available diffs
- diff from 1.0.1-1ubuntu1 to 1.0.1-1ubuntu2 (482 bytes)
Superseded in precise-release |
freerdp (1.0.1-1ubuntu1) precise; urgency=low * debian/control, debian/rules: Drop libavcodec-dev build dependency and disable ffmpeg support, to avoid the banned libavcodec53 on the installation images. Support for MMR will come back later in the planned gstreamer rewrite. (LP: #931931) -- Martin Pitt <email address hidden> Tue, 14 Feb 2012 13:26:44 +0100
Available diffs
- diff from 1.0.1-1 (in Debian) to 1.0.1-1ubuntu1 (964 bytes)
freerdp (1.0.1-1) unstable; urgency=low [ Jeremy Bicha ] * New upstream release. Closes: #659332. * Updated symbols -- Otavio Salvador <email address hidden> Sat, 11 Feb 2012 10:34:05 -0200
Available diffs
Superseded in precise-release |
freerdp (1.0.0-2fakesync1) precise; urgency=low * Fake sync due to mismatching orig tarball.
Available diffs
- diff from 1.0.0-0git1 to 1.0.0-2fakesync1 (1020 bytes)
Superseded in precise-release |
freerdp (1.0.0-0git1) precise; urgency=low Upload current Debian packaging git to get this rolling for precise. [ Jeremy Bicha ] * New upstream release. Closes: #647498. * Updated symbols and bumped soname * debian/control: - Added new build dependencies - Bump Standards-Version to 3.9.2 * debian/source/format: Set to 3.0 (quilt) * debian/rules: Turn on strict symbols checking * debian/watch: Watch github [ Jean-Louis Dupond ] * debian/control: Updated homepage * debian/copyright: Reflect upstream switch to the Apache license [ Martin Pitt ] * debian/libfreerdp0.symbols: Fix version number, should be 1.0~beta5, not 1.0-beta5. * debian/control: Add libavcodec-dev build dependency, upstream build system checks for that. Thanks Jean-Louis Dupond! -- Martin Pitt <email address hidden> Tue, 31 Jan 2012 10:02:14 +0100
Available diffs
- diff from 0.8.2-2build1 to 1.0.0-0git1 (2.3 MiB)
freerdp (0.8.2-2build1) oneiric; urgency=low * Rebuild for OpenSSL 1.0.0. -- Colin Watson <email address hidden> Tue, 17 May 2011 12:00:12 +0100
Available diffs
- diff from 0.8.2-2 to 0.8.2-2build1 (305 bytes)
freerdp (0.8.2-2) unstable; urgency=low * freerdp-x11: recommends libfreerdp-plugins-standard. Closes: #603462. -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 20 Nov 2010 11:15:40 +0000
Available diffs
- diff from 0.8.2-1 to 0.8.2-2 (458 bytes)
freerdp (0.8.2-1) unstable; urgency=low * New upstream version. -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 15 Nov 2010 09:18:15 +0000
Available diffs
- diff from 0.8.1-2 to 0.8.2-1 (9.6 KiB)
freerdp (0.8.1-2) unstable; urgency=low * Add symbols file to allow for correct depends. Closes: #602218. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 04 Nov 2010 11:41:39 +0000
Available diffs
- diff from 0.8.1-1 to 0.8.1-2 (3.5 KiB)
freerdp (0.8.1-1) unstable; urgency=low * New upstream release. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 26 Oct 2010 11:21:44 +0000
Available diffs
- diff from 0.7.4-1 to 0.8.1-1 (239.9 KiB)
freerdp (0.7.4-1) unstable; urgency=low * New upstream release. - Fixes connection with VirtualBox RDP server. Closes: #592454. * Bump standards-version; no changes needed.
Available diffs
- diff from 0.7.2-1 to 0.7.4-1 (20.2 KiB)
freerdp (0.7.2-1) unstable; urgency=low * New upstream release.
1 → 37 of 37 results | First • Previous • Next • Last |