Update freerdp3 to 3.5.0
Bug #2061907 reported by
Jeremy Bícha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
freerdp3 (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
freerdp 3.5.0 was released as a security update.
https:/
https:/
There are a very large number of coverity fixes and bound check fixes and resource leak updates in the new release. It does not look very practical to cherry-pick only some of those fixes. And the git commits aren't directly associated with which CVE they are supposed to fix.
CVE References
Changed in freerdp3 (Ubuntu): | |
status: | Triaged → In Progress |
Changed in freerdp3 (Ubuntu): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
This bug was fixed in the package freerdp3 - 3.5.0+dfsg1- 0ubuntu1
--------------- dfsg1-0ubuntu1) noble; urgency=medium
freerdp3 (3.5.0+
* New upstream release (LP: #2061907) decompress_ residual_ data _segment skip_plane_ rle decompress
- CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in
clear_
- CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
- CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress
- CVE-2024-32458 [Low] OutOfBound Read in planar_
- CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
- CVE-2024-32460 [Low] OutOfBound Read in interleaved_
-- Jeremy Bícha <email address hidden> Tue, 16 Apr 2024 17:23:57 -0400