Debian Package Tracker

freerdp3


general
  • source: freerdp3 (main)
  • version: 3.20.2+dfsg-1
  • maintainer: Debian Remote Maintainers (archive) (DMD)
  • uploaders: Mike Gabriel [DMD] – Michael Tokarev [DMD] – Bernhard Miklautz [DMD]
  • arch: any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • old-bpo: 3.10.3+dfsg-1~bpo12+1
  • stable: 3.15.0+dfsg-2.1
  • testing: 3.20.0+dfsg-1
  • unstable: 3.20.2+dfsg-1
versioned links
  • 3.10.3+dfsg-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.15.0+dfsg-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.20.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.20.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • freerdp3-dev
  • freerdp3-proxy
  • freerdp3-proxy-modules
  • freerdp3-sdl (1 bugs: 0, 0, 1, 0)
  • freerdp3-shadow-x11
  • freerdp3-wayland
  • freerdp3-x11 (1 bugs: 0, 1, 0, 0)
  • libfreerdp-client3-3
  • libfreerdp-server-proxy3-3
  • libfreerdp-server3-3
  • libfreerdp-shadow-subsystem3-3
  • libfreerdp-shadow3-3
  • libfreerdp3-3 (1 bugs: 0, 1, 0, 0)
  • libwinpr-tools3-3
  • libwinpr3-3
  • libwinpr3-dev
  • winpr3-utils
action needed
9 security issues in forky (high)

There are 9 open security issues in forky.

9 important issues:
  • CVE-2026-22851: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22852: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22853: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22854: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22855: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22856: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22857: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22858: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22859: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
Created: 2026-01-15 Last update: 2026-01-15 15:17
1 bug tagged patch in the BTS (normal)
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2025-09-18 Last update: 2026-01-17 04:00
lintian reports 145 warnings (normal)
Lintian reports 145 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2026-01-14 Last update: 2026-01-15 03:00
1 open merge request in Salsa (normal)
There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-09-06 Last update: 2025-12-18 07:03
AppStream hints: 2 warnings for freerdp3-sdl, freerdp3-x11 (normal)
AppStream found metadata issues for packages:
  • freerdp3-sdl: 1 warning
  • freerdp3-x11: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2025-04-15 Last update: 2025-04-15 06:03
9 low-priority security issues in trixie (low)

There are 9 open security issues in trixie.

9 issues left for the package maintainer to handle:
  • CVE-2026-22851: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22852: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22853: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22854: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22855: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22856: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22857: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22858: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22859: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-01-15 Last update: 2026-01-15 15:17
Standards version of the package is outdated (wishlist)
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.2).
Created: 2025-12-23 Last update: 2026-01-14 17:30
testing migrations
  • This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • excuses:
    • Migration status for freerdp3 (3.20.0+dfsg-1 to 3.20.2+dfsg-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
      ∙ Autopkgtest for freerdp3/3.20.2+dfsg-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
      ∙ Autopkgtest for gnome-remote-desktop/49.2-2: amd64: Pass, arm64: Pass, i386: No tests, superficial or marked flaky (reference), ppc64el: Pass, riscv64: Pass, s390x: Regression (reference)
      ∙ Too young, only 3 of 5 days old
    • Additional info (not blocking):
      ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/f/freerdp3.html
      ∙ Reproducible on amd64
      ∙ Reproducible on arm64
    • Not considered
news
  • [2026-01-14] Accepted freerdp3 3.20.2+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-12-20] freerdp3 3.20.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-18] Accepted freerdp3 3.20.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-12-16] freerdp3 3.19.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-12] Accepted freerdp3 3.19.1+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-12-08] freerdp3 3.19.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-05] Accepted freerdp3 3.19.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-11-18] freerdp3 3.18.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-15] Accepted freerdp3 3.18.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-09-25] freerdp3 3.17.2+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2025-09-23] Accepted freerdp3 3.17.2+dfsg-3 (source) into unstable (Michael Tokarev)
  • [2025-09-19] Accepted freerdp3 3.17.2+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2025-09-19] Accepted freerdp3 3.17.2+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-09-10] freerdp3 3.17.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-09-06] Accepted freerdp3 3.17.1+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2025-09-01] Accepted freerdp3 3.17.1+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-08-25] freerdp3 3.17.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-22] Accepted freerdp3 3.17.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-08-13] freerdp3 3.16.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-07-14] Accepted freerdp3 3.16.0+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2025-06-25] Accepted freerdp3 3.16.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-05-28] freerdp3 3.15.0+dfsg-2.1 MIGRATED to testing (Debian testing watch)
  • [2025-05-26] Accepted freerdp3 3.15.0+dfsg-2.1 (source) into unstable (Daniel Baumann)
  • [2025-05-05] freerdp3 3.15.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-04-25] Accepted freerdp3 3.15.0+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2025-04-25] freerdp3 3.15.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-04-14] Accepted freerdp3 3.15.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2025-04-12] freerdp3 3.14.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-03-29] Accepted freerdp3 3.14.1+dfsg-2 (source) into unstable (Michael Tokarev)
bugs [bug history graph]
  • all: 4
  • RC: 0
  • I&N: 3
  • M&W: 1
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 145)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu
  • version: 3.20.2+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers