deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/freerdp/freerdp.hash
Fabrice Fontaine 7f54bfc169 package/freerdp: security bump to version 2.1.2 
- Fix CVE-2020-4030: In FreeRDP before version 2.1.2, there is an out of
  bounds read in TrioParse. Logging might bypass string length checks
  due to an integer overflow.
- Fix CVE-2020-4031: In FreeRDP before version 2.1.2, there is a
  use-after-free in gdi_SelectObject. All FreeRDP clients using
  compatibility mode with /relax-order-checks are affected.
- Fix CVE-2020-4032: In FreeRDP before version 2.1.2, there is an
  integer casting vulnerability in update_recv_secondary_order. All
  clients with +glyph-cache /relax-order-checks are affected.
- Fix CVE-2020-4033: In FreeRDP before version 2.1.2, there is an out of
  bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions
  with color depth < 32 are affected.
- Fix CVE-2020-11095: In FreeRDP before version 2.1.2, an out of bound
  reads occurs resulting in accessing a memory location that is outside
  of the boundaries of the static array
  PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11096: In FreeRDP before version 2.1.2, there is a global
  OOB read in update_read_cache_bitmap_v3_order. As a workaround, one
  can disable bitmap cache with -bitmap-cache (default).
- Fix CVE-2020-11097: In FreeRDP before version 2.1.2, an out of bounds
  read occurs resulting in accessing a memory location that is outside
  of the boundaries of the static array
  PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11098: In FreeRDP before version 2.1.2, there is an
  out-of-bound read in glyph_cache_put. This affects all FreeRDP clients
  with `+glyph-cache` option enabled.
- Fix CVE-2020-11099: In FreeRDP before version 2.1.2, there is an out
  of bounds read in license_read_new_or_upgrade_license_packet. A
  manipulated license packet can lead to out of bound reads to an
  internal buffer.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-07-13 18:32:17 +02:00

6 lines
267 B
Plaintext
Raw Blame History

# From https://pub.freerdp.com/releases/freerdp-2.1.2.tar.gz.sha256
sha256 f33bc6aef83b8ad3cbf2cdbc82dcfa980ec2b051efb72650f6f2365d55b79b8d freerdp-2.1.2.tar.gz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
Reference in a new issue View git blame Copy permalink