-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Jun 2026 09:02:32 +0300
Source: freerdp3
Architecture: source
Version: 3.27.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Changes:
freerdp3 (3.27.0+dfsg-1) unstable; urgency=medium
.
* a major feature/bugfix/cleanup upstream release, including:
- TLS seclevel now defaults to 2 and a minimum of TLS 1.2 is required
- Enhancements with Azure/Entra support
- keyboard mapping
- Allow RDPDR channel to pass additional arguments to the channel
- Some client side statistics logging API was added
- security fixes:
- Heap-buffer-overflow write in TS Gateway RPC RESPONSE reassembly
due to alloc_hint capacity mismatch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9gxm-3mf5-f5cx
- Heap-buffer-overflow write in TS Gateway RPC fragment receive
due to uncapped bind_ack max_xmit_frag
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rp4-66mc-j9vx
- Out-of-bounds read in H.264 YUV-to-RGB conversion
due to decoder/surface dimension mismatch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mmf-qh4f-frm6
- Heap-buffer-overflow write in AVC444 YUV buffer allocation
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vx73-w5q6-7jqr
- integer Overflow in `freerdp_image_copy_from_icon_data`
Bypasses Bounds Check
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5c5v-f78v-h2f6
* add new symbols to: libfreerdp, libfreerdp-client, libfreerdp-server-proxy,
libwinpr
* Revert "d/rules: -DWITH_INTERNAL_MD4=ON, due to libssl/libcrypto does not
provide it (anymore?)" -- this was an issue in freerdp, now fixed
* update previous changelog entry to include mentions of security fixes
Checksums-Sha1:
dc914110a8c09a474e98aeed995cb86c6c27bcb8 4559 freerdp3_3.27.0+dfsg-1.dsc
8b4178820838c1c8893c9e8fb7bdccd831e4a263 5194204 freerdp3_3.27.0+dfsg.orig.tar.xz
c64c4873911d5cea1d6ddb4a4e94c580af83e6af 55340 freerdp3_3.27.0+dfsg-1.debian.tar.xz
3086962aa315be266c92b476b6690eee6b4b9cd3 6089 freerdp3_3.27.0+dfsg-1_source.buildinfo
Checksums-Sha256:
33102a5dc65977902fd07b987cf9afc3dfdeb9a56cdb1fea231187142a28534d 4559 freerdp3_3.27.0+dfsg-1.dsc
4fd5a8b0f81070d4b61dadd23b35dc46c1b45c37b22a374fbf3358038135932c 5194204 freerdp3_3.27.0+dfsg.orig.tar.xz
530ab244d2482819be57248a1a68d2a088e32d0a168b8005a838d5624285609f 55340 freerdp3_3.27.0+dfsg-1.debian.tar.xz
39862820672173e73f425efd4df33c55a8dcf1a8be0585a7a3e5893ac7c5b3dc 6089 freerdp3_3.27.0+dfsg-1_source.buildinfo
Files:
185e53f7b053aecdfcd53f37bf3a9f3d 4559 x11 optional freerdp3_3.27.0+dfsg-1.dsc
541d9f0d6725ff42c5b3294d3ea60120 5194204 x11 optional freerdp3_3.27.0+dfsg.orig.tar.xz
28a362a8dc4965964a264073fc92ad51 55340 x11 optional freerdp3_3.27.0+dfsg-1.debian.tar.xz
c980fad36c0e1c5fb96f99a7c173208f 6089 x11 optional freerdp3_3.27.0+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJqMOc4CRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdwa/g5byU5Eg3S3vGcbOSsWn9kWkRPPoVM0LZf4RIf
lRYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAB1qxAAwQ/OJHiiYBaqGvb9c4hZZRDP
8W0Lb+6sms4fkS2qQEE/pE2GMkYjF2cZ7xw4EnbfNKp1+rgUeeB5vVMeSe0NXJxS
WoVO+4c7gNzGP1YFy4mMhE7yaE9qIc0P66J4r5scVexFyPc/DLKNhbQvjjSZv/Ub
VzPG70w59ZmUaV+UNbusSwWrGZ1hL0VZXk40sBbx/v0YYkwPCZIkd2ETW7md4kch
aAC67B2SYHrVwrejfd6Fw5KNFrpN+U8s1EWGyIQqTCRPxEfT2BnC7+ZfYYbE6n65
WBvLVxyT5uu02yBzPBtX4lL52v23w4bSBjLokIJgfJcp/aIaifvM016JY2HSXerD
mEuE5KbmD+g1/9dw9bPzHoT8AANO7yIwyADTkBc8Ezx0A2RpnvbBygidO9ttHdUq
ofLfCcgVgORzR8U1j5B5ZbdtC9RTsi85twTT7XTU8BqKvFMqwHWb0SkEsPjMwbAE
43xVonJele1IazYgAoWDNFpsy+z4i5xqbE1Mxi9e1/6sqTVZTk1Z8JAdR464nZr3
dbR0ghvtLe3BlY+jvr3l5iBrZiFYpFpdiXu8fzUI7EJE7b18p3sn1n/2cBCCCtH0
KdXO0XS6UB9DIv2kH2etmLO2X95aVWS8CqWNEqxAxaSKlnSEVlDGhjYbmmd/0UPk
so5Y14woj3rKSqINy+0=
=nx60
-----END PGP SIGNATURE-----
