Date: Tue, 28 Jul 2020 04:38:20 +0000 (UTC)
From: Kyle Evans <kevans@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r543570 - head/security/vuxml
Message-ID: <202007280438.06S4cK8m002474@repo.freebsd.org>
Author: kevans Date: Tue Jul 28 04:38:19 2020 New Revision: 543570 URL: https://svnweb.freebsd.org/changeset/ports/543570 Log: security/vuxml: document new vulnerability in net/freerdp < 2.2.0 PR: 248198 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jul 28 03:35:37 2020 (r543569) +++ head/security/vuxml/vuln.xml Tue Jul 28 04:38:19 2020 (r543570) @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a955cdb7-d089-11ea-8c6f-080027eedc6a"> + <topic>FreeRDP -- Integer overflow in RDPEGFX channel</topic> + <affects> + <package> + <name>freerdp</name> + <range><lt>2.2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Bernhard Miklautz reports:</p> + <blockquote cite="https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9"> + <ul> + <li> + Integer overflow due to missing input sanitation in rdpegfx channel + </li> + <li>All FreeRDP clients are affected</li> + <li> + The input rectangles from the server are not checked against local + surface coordinates and blindly accepted. A malicious server can send + data that will crash the client later on (invalid length arguments to + a memcpy) + </li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://www.freerdp.com/2020/07/20/2_2_0-released</url> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103</url> + <cvename>CVE-2020-15103</cvename> + </references> + <dates> + <discovery>2020-06-25</discovery> + <entry>2020-07-28</entry> + </dates> + </vuln> + <vuln vid="e333084c-9588-4eee-8bdc-323e02cb4fe0"> <topic>zeek -- Various vulnerabilities</topic> <affects>
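Review bot: In the `<references>` block of the new `a955cdb7-d089-11ea-8c6f-080027eedc6a` entry, the GitHub advisory that the `<blockquote cite=...>` quotes from is not listed, so a reader of the rendered entry has no reference link to the text's actual source. Consider adding `<url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9</url>` there. The existing `<url>` pointing at cve.mitre.org names the same CVE-2020-15103 that `<cvename>` already carries, so it could be dropped in exchange. Separately, `<affects>` lists only `<name>freerdp</name>` while the quoted advisory says all FreeRDP clients are affected and the file's own header comment (visible in the hunk context) says not to forget port variants; it is worth confirming that no other packaged FreeRDP variant needs its own `<name>` under the `<lt>2.2.0</lt>` range.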