Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted freerdp2 2.3.0+dfsg1-2+deb11u2 (source) into oldstable-security
Date: Sat, 15 Feb 2025 16:40:22 +0000
Signed by: Tobias Frost <tobi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Feb 2025 17:01:43 +0100
Source: freerdp2
Architecture: source
Version: 2.3.0+dfsg1-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1001062 1021659 1051638 1061173 1069728 1072112
Changes:
 freerdp2 (2.3.0+dfsg1-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Enable CI on salsa.
   * Import fix for CVE-2021-41160 - Improper region checks in all clients
     allow out of bound write to memory (Closes: #1001062)
   * Import fix for CVE-2022-24883 - FreeRDP Server authentication might allow
     invalid credentials to pass.
   * Import fix for (see #1024511)
     - CVE-2022-39316 - Out of bound read in zgfx decoder and
     - CVE-2022-39318 - Division by zero in urbdrc channel
     - CVE-2022-39319 - Missing length validation in urbdrc channel
     - CVE-2022-39347 - Missing path sanitation with `drive` channel
     - CVE-2022-41877 - Missing input length validation in `drive` channel
   * Import fix for CVE-2022-39282 and CVE-2022-39283 (Closes: #1021659)
   * Backporting/Importing upstream patches for (Closes: #1051638)
     CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353
     CVE-2023-39354 CVE-2023-39356 CVE-2023-40567 CVE-2023-40181
     CVE-2023-40186 CVE-2023-40188 CVE-2023-40569 CVE-2023-40589
   * Import fixes for:
     - CVE-2024-22211 (Closes: #1061173)
     - CVE-2024-32039 CVE-2024-32040 CVE-2024-32458 CVE-2024-32459
       CVE-2024-32460 (Closes: #1069728)
     - CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661
       (Closes: #1072112)
     Thanks to Adrian Bunk for preparing the patches.
Checksums-Sha1:
 590e2b2457fc87d8cbd01a52646b35d9e06f62f2 3556 freerdp2_2.3.0+dfsg1-2+deb11u2.dsc
 67a68c8d283e4ec40c858a1bd48fcea1c6133bcb 87956 freerdp2_2.3.0+dfsg1-2+deb11u2.debian.tar.xz
 40cb13674ab5bb5cb7283be3cb4fd29bcfc3a00a 24343 freerdp2_2.3.0+dfsg1-2+deb11u2_amd64.buildinfo
Checksums-Sha256:
 f41cca575da5b3300db29279123c151249c722b8f78d9714f143e2b9c7e9383b 3556 freerdp2_2.3.0+dfsg1-2+deb11u2.dsc
 c80156ccb023b58eb5ecb981cdd77ee26e1b0195e270255c2eb1511a2315cc17 87956 freerdp2_2.3.0+dfsg1-2+deb11u2.debian.tar.xz
 47274164b9672f10a0332644c505516ed45c1e9bebe4d145ea755d7a63cd999b 24343 freerdp2_2.3.0+dfsg1-2+deb11u2_amd64.buildinfo
Files:
 ec36c92dcdfdb36864425c384c00a007 3556 x11 optional freerdp2_2.3.0+dfsg1-2+deb11u2.dsc
 e5a7c93a42cae0d72f63902162712164 87956 x11 optional freerdp2_2.3.0+dfsg1-2+deb11u2.debian.tar.xz
 a014a51ade7a21b34e75eb9b33aa0400 24343 x11 optional freerdp2_2.3.0+dfsg1-2+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmewvSwACgkQkWT6HRe9
XTbOwg/6A5cC0q3GVLKb49wAwcNAtABIqCfLASIHNEPDZ1ugG5ipFToIJ8Npyg74
IMwEWhGGbrrugA0y3ZMEoW03smhqj4WiYw+sdXeE6p2zKlp5Q//dUhMothh9v7DI
iQgKh47al13hjaq845P6wya5MIVR01VV8LvGHvq9IMX5tysmWmcz7rPl7og0MVj1
Rdo0xCxxh2jDs+FSvyfF9ETAWjbW89tHC/JV5fBpACFte6l1dHwcxugAh5eZxOVi
L+JOJTqsLUO5WRMmpMJDI8kAAgbkw3snv7cvZ8/P0ubOT7uKjL1tbBreqKqQnmfi
85k/MDXCtlofaLYtrl4+7n8jCI4e3xeyclCkd8TJrI7yqc/n1+NMjAAeK11Fok2z
GYbMvvMFqDswWLO26l/kmgpsGSlsIo8L3Form3uPUOsFoDYOznyE5svfzADbpHTb
zqgZF8hd8CbDS6vW66Bb5Gx1PIHfe4uzEaJ5mzq2bAH15oU0Hmusd7X1Yx/oPior
GJlMJ78f7M2bmYrvAliUeES07DF5uUAaTxFu1ylaEWks+lhIfLaSJU0WaJfAqW7f
1/6JIID8NXCWAwveFyuucZQWfTSJMqbFTwiyBFgIkspkuSnVJX1ilFPGa5Hzh7F6
lktBZrum/kwQKyGQxT8X3/ZIbs61NRlXi6+rxuB7xvjX/ucCd7A=
=mbFz
-----END PGP SIGNATURE-----
News for package freerdp2
