Date: Fri, 24 Feb 2023 13:41:50 GMT From: =?utf-8?Q?Fernando=20Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a9185f053f0c - main - security/vuxml: document vulnerabilities for net/freerdp Message-ID: <202302241341.31ODfoWN074655@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=a9185f053f0c2240e239ef6ad68c82fcdb8c49f2 commit a9185f053f0c2240e239ef6ad68c82fcdb8c49f2 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2023-02-24 13:23:01 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2023-02-24 13:36:11 +0000 security/vuxml: document vulnerabilities for net/freerdp CVE-2022-39282 and CVE-2022-39283. PR: 269667 Reported by: grahamperrin@freebsd.org --- security/vuxml/vuln/2023.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 2ba2c6e0ac95..2a52f204707f 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,66 @@ + <vuln vid="dd271de6-b444-11ed-9268-b42e991fc52e"> + <topic>freerdp -- clients using the `/video` command line switch might read uninitialized data</topic> + <affects> + <package> + <name>freerdp</name> + <range><lt>2.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>MITRE reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283">; + <p> + All FreeRDP based clients when using the `/video` + command line switch might read uninitialized data, decode + it as audio/video and display the result. FreeRDP based + server implementations are not affected. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-39283</cvename> + <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh</url>; + </references> + <dates> + <discovery>2022-10-13</discovery> + <entry>2023-02-24</entry> + </dates> + </vuln> + + <vuln vid="c682923d-b444-11ed-9268-b42e991fc52e"> + <topic>freerdp -- clients using `/parallel` command line switch might read uninitialized data</topic> + <affects> + <package> + <name>freerdp</name> + <range><lt>2.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>MITRE reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282">; + <p> + FreeRDP based clients on unix systems using + `/parallel` command line switch might read uninitialized + data and send it to the server the client is currently + connected to. FreeRDP based server implementations are not + affected. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-39282</cvename> + <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq</url>; + </references> + <dates> + <discovery>2022-10-13</discovery> + <entry>2023-02-24</entry> + </dates> + </vuln> + <vuln vid="4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202302241341.31ODfoWN074655>