freerdp3 - Debian Package Tracker

general

source: freerdp3 (main)
version: 3.27.0+dfsg-1
maintainer: Debian Remote Maintainers (archive) (DMD)
uploaders: Mike Gabriel [DMD] – Michael Tokarev [DMD] – Bernhard Miklautz [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 3.10.3+dfsg-1~bpo12+1
stable: 3.15.0+dfsg-2.1+deb13u3
stable-bpo: 3.26.0+dfsg-1~bpo13+1
testing: 3.27.0+dfsg-1
unstable: 3.27.0+dfsg-1

versioned links

3.10.3+dfsg-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.15.0+dfsg-2.1+deb13u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.26.0+dfsg-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.27.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

freerdp-proxy
freerdp-proxy-modules
freerdp-sdl
freerdp-shadow-x11
freerdp-wayland (1 bugs: 0, 1, 0, 0)
freerdp-x11
freerdp3-dev
freerdp3-proxy
freerdp3-proxy-modules
freerdp3-sdl (1 bugs: 0, 0, 1, 0)
freerdp3-shadow-x11
freerdp3-wayland
freerdp3-x11
libfreerdp-client3-3
libfreerdp-server-proxy3-3
libfreerdp-server3-3
libfreerdp-shadow-subsystem3-3
libfreerdp-shadow3-3
libfreerdp3-3
libwinpr-tools3-3
libwinpr3-3
libwinpr3-dev
winpr-utils
winpr3-utils

action needed

A new upstream version is available: 3.27.1 high

A new upstream version 3.27.1 is available, you should consider packaging it.

Created: 2026-06-20 Last update: 2026-06-25 18:00

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:57
Last run: 2026-06-24T06:28:35.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:00:51
Last run: 2026-06-21T04:31:20.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:00:54
Last run: 2025-11-08T21:05:21.000Z
Previous status: unknown

Created: 2026-04-25 Last update: 2026-06-25 17:31

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 2acef1dd759b302d4f2518b82f33ebdccbe3fbd6
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Jun 25 07:43:23 2026 +0300

    stop disabling PKCS11 on ubuntu (Closes: #1140689)

commit 66dd0877d3e8a81c5c85ec0708716b397f9d795f
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Jun 25 07:40:43 2026 +0300

    Revert "Don't build sso-mib feature on i386"
    
    This reverts commit 8f4fd87d8e234cb8a5f03d15b57c90528b069699.
    
    Not needed anymore.

commit ca0e3b5b04540b43e135a75084675f8b9615cdb0
Author: Grayson Wolf <grayson.wolf@canonical.com>
Date:   Fri Jun 5 13:53:07 2026 -0400

    fix test failures by enforcing TLS security
    
    this is causing test failures in Ubuntu, and looking at debci it is
    intermittently causing test failures in Debian as well.
    
    also fixes syntax errors in the shell causing the natural number port
    test to emit warnings

commit 8f4fd87d8e234cb8a5f03d15b57c90528b069699
Author: Jeremy Bícha <jbicha@ubuntu.com>
Date:   Thu May 7 13:24:08 2026 -0400

    Don't build sso-mib feature on i386
    
    Fixes freerdp3 being stuck waiting for
    Build-Depends: libsso-mib-dev on Ubuntu i386
    https://launchpad.net/ubuntu/+source/freerdp3/3.26.0+dfsg-1

Created: 2026-06-24 Last update: 2026-06-25 05:03

lintian reports 233 warnings normal

Lintian reports 233 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-06-16 Last update: 2026-06-16 17:01

AppStream hints: 2 warnings for freerdp-x11,freerdp-sdl normal

AppStream found metadata issues for packages:

freerdp-sdl: 1 warning
freerdp-x11: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2026-02-11 Last update: 2026-02-11 20:01

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

winpr3-utils could be marked Multi-Arch: foreign

Created: 2026-02-11 Last update: 2026-06-25 13:30

7 low-priority security issues in trixie low

There are 7 open security issues in trixie.

7 issues left for the package maintainer to handle:

CVE-2026-27950: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
CVE-2026-27951: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only work on 32bit systems where the available physical memory is `>= SIZE_MAX`. Version 3.23.0 contains a patch. No known workarounds are available.
CVE-2026-40033: (needs triaging) FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.
CVE-2026-44420: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.
CVE-2026-44421: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0.
CVE-2026-44422: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0.
CVE-2026-45700: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-02-26 Last update: 2026-06-21 07:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-06-16 13:33

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-06-21] freerdp3 3.27.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-06-16] Accepted freerdp3 3.27.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-06-12] Accepted freerdp3 3.26.0+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
[2026-05-17] freerdp3 3.26.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-05-06] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
[2026-05-06] Accepted freerdp3 3.26.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-05-03] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
[2026-05-02] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
[2026-04-30] Accepted freerdp3 3.25.0+dfsg-5 (source) into unstable (Michael Tokarev)
[2026-04-26] Accepted freerdp3 3.25.0+dfsg-4 (source) into unstable (Michael Tokarev)
[2026-04-25] Accepted freerdp3 3.25.0+dfsg-3 (source) into unstable (Michael Tokarev)
[2026-04-25] Accepted freerdp3 3.25.0+dfsg-2 (source) into unstable (Michael Tokarev)
[2026-04-24] Accepted freerdp3 3.25.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-03-29] Accepted freerdp3 3.24.2+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
[2026-03-29] freerdp3 3.24.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-03-25] Accepted freerdp3 3.24.2+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-03-20] freerdp3 3.24.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-03-18] Accepted freerdp3 3.24.1+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-03-15] Accepted freerdp3 3.24.0+dfsg-2 (source) into unstable (Michael Tokarev)
[2026-03-13] Accepted freerdp3 3.24.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-02-28] Accepted freerdp3 3.23.0+dfsg-1~bpo13+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Michael Tokarev)
[2026-02-28] freerdp3 3.23.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-02-25] Accepted freerdp3 3.23.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-02-19] freerdp3 3.22.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2026-02-11] Accepted freerdp3 3.22.0+dfsg-3 (source) into unstable (Michael Tokarev)
[2026-02-01] Accepted freerdp3 3.22.0+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
[2026-01-31] Accepted freerdp3 3.22.0+dfsg-1~bpo13+0 (source amd64) into stable-backports (Debian FTP Masters) (signed by: Michael Tokarev)
[2026-01-31] freerdp3 3.22.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-01-29] Accepted freerdp3 3.22.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2026-01-24] freerdp3 3.21.0+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 6
RC: 1
I&N: 3
M&W: 1
F&P: 1
patch: 0

links

homepage
lintian (0, 233)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.27.0+dfsg-1