| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
|---|---|
| Newsgroups | linux.debian.changes |
| Subject | Accepted freerdp3 3.15.0+dfsg-2.1+deb13u1 (source) into proposed-updates |
| Date | 2026-05-02 22:50 +0200 |
| Message-ID | <MQprJ-273D-63@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Mar 2026 20:59:33 +0300
Source: freerdp3
Architecture: source
Version: 3.15.0+dfsg-2.1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1112191 1121299
Changes:
freerdp3 (3.15.0+dfsg-2.1+deb13u1) trixie; urgency=medium
.
* two patches from upstream (from 3.16) (Closes: #1112191):
core-redirection-Ensure-stream-has-space-for-cert.patch
core-redirection-Ensure-stream-has-space-for-all-params.patch
* client-x11-fix-clipboard-issues.patch (Closes: #1121299)
* client-desktop-fix-StartupWMClass-setting.patch:
restore x11 desktop icon for xfreerdp3
* d/patches/README: remove obsolete file
.
* security fixes for client from 3.20.1 (medium):
.
CVE-2026-22851: RDPGFX ResetGraphics race leads to use after free
in SDL3 client (sdl->primary)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8g87-6pvc-wh99
client-sdl-lock-primary-while-used-CVE-2026-22851.patch
CVE-2026-22852: Heap buffer overflow in audin_process_formats
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4
channels-audin-free-up-old-audio-formats-CVE-2026-22852.patch
CVE-2026-22853: Heap buffer overflow in ndr_read_uint8Array
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch
channels-rdpear-add-checks-for-itemSize-CVE-2026-22853.patch
CVE-2026-22854: Heap buffer overflow in drive_process_irp_read
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47vj-g3c3-3rmf
channels-drive-fix-constant-type-CVE-2026-22854.patch
CVE-2026-22855: Heap buffer overflow in smartcard_unpack_set_attrib_call
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9
utils-smartcard-add-length-validity-checks-CVE-2026-22855.patch
also pick:
utils-smartcard-handle-output-buffer-too-small.patch
utils-smartcard-improve-trace-log.patch
utils-smartcard-better-logging-and-error-checks.patch
CVE-2026-22856: Heap use after free in create_irp_thread
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv
channels-serial-explicitly-lock-serial-IrpThreads-CVE-2026-22856.patch
CVE-2026-22857: Heap use after free in irp_thread_func
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8
channels-serial-fix-use-after-free-CVE-2026-22857.patch
CVE-2026-22858: Global buffer overflow in crypto_base64_decode
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896
(this also affects freerdp proxy, not just client)
crypto-base64-do-proper-length-checks-CVE-2026-22858.patch
also pick:
crypto-base64-ensure-char-is-singend.patch
CVE-2026-22859: Heap buffer overflow in urb_select_configuration
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-56f5-76qv-2r36
channels-urbdrc-check-interface-indices-before-use-CVE-2026-22859.patch
.
* security fixes for client from 3.21 (medium):
.
CVE-2026-23530: Heap buffer overflow in planar_decompress_plane_rle
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p
codec-planar-fix-decoder-length-checks-CVE-2026-23530.patch
CVE-2026-23531: Heap buffer overflow in clear_decompress
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xj5h-9cr5-23c5
codec-clear-fix-missing-length-checks-CVE-2026-23531.patch
CVE-2026-23532: Heap buffer overflow in gdi_SurfaceToSurface
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr
gdi-gfx-properly-clamp-SurfaceToSurface-CVE-2026-23532.patch
CVE-2026-23533: Heap buffer overflow in clear_decompress_residual_data
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v
codec-clear-fix-clear_resize_buffer-checks-CVE-2026-23533.patch
CVE-2026-23534: Heap buffer overflow in clear_decompress_bands_data
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599
codec-clear-fix-off-by-one-length-check-CVE-2026-23534.patch
CVE-2026-23732: Heap buffer overflow in Glyph_Alloc
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp
codec-color-add-freerdp_glyph_convert_ex-CVE-2026-23732.patch
gdi-graphics-Use-freerdp_glyph_convert_ex-CVE-2026-23732.patch
CVE-2026-23883: Heap use after free in update_pointer_new
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcrr-85qx-4p6x
client-x11-fix-double-free-in-case-of-invalid-pointe-CVE-2026-23883.patch
CVE-2026-23884: Heap use after free in gdi_set_bounds
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp
cache-offscreen-invalidate-bitmap-before-free-CVE-2026-23884.patch
.
* security fixes for client from 3.22 (medium):
.
CVE-2026-23948: NULL Pointer Dereference in rdp_write_logon_info_v2()
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5
core-info-fix-missing-NULL-check-CVE-2026-23948.patch
CVE-2026-24491: Heap-use-after-free in video_timer
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g
channels-drdynvc-reset-channel_callback-before-close-CVE-2026-24491.patch
also pick:
clang-warnings-fix-Wjump-misses-init-drdynvc_main.patch
channels-drdynvc-check-pointer-before-reset.patch (fixup on top)
CVE-2026-24675: Heap-use-after-free in urb_select_interface
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj
channels-urbdrc-do-not-free-MsConfig-on-failure-CVE-2026-24491.patch
CVE-2026-24676: Heap-use-after-free in audio_format_compatible
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj
channels-audin-reset-audin-format-CVE-2026-24676.patch
CVE-2026-24677: Heap-buffer-overflow in ecam_encoder_compress_h264
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7
channels-rdpecam-ensure-sws-context-size-matches-CVE-2026-24677.patch
also pick:
clang-warnings-fix-Wjump-misses-init-remdesk_main.patch
channels-rdpecam-improve-log-messages.patch
rdpecam-fix-camera-sample-grabbing.patch
channels-rpdecam-log-dropped-samples.patch
fix-camera-sample-grabbing is a separate bugfix, but it also
removes the need to back-port the main fix to 3.15
CVE-2026-24678: Heap-use-after-free in cam_v4l_stream_capture_thread
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h
channels-rdpecam-ensure-all-streams-are-stopped-CVE-2026-24678.patch
CVE-2026-24679: Heap-buffer-overflow in urb_select_interface
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x
channels-urbdrc-ensure-InterfaceNumber-is-within-ran-CVE-2026-24679.patch
CVE-2026-24680: Heap-use-after-free in update_pointer_new(SDL)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc
client-sdl-reset-pointer-after-memory-release-CVE-2026-24680.patch
CVE-2026-24681: Heap-use-after-free in urb_bulk_transfer_cb
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j
channels-urbdrc-cancel-all-usb-transfers-on-channel--CVE-2026-24681.patch
CVE-2026-24682: Heap-buffer-overflow in audio_formats_free
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g
channels-audin-fix-audin_server_recv_formats-cleanup-CVE-2026-24682.patch
CVE-2026-24683: Heap-use-after-free in ainput_send_input_event
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q
channels-ainput-lock-context-when-updating-listener-CVE-2026-24683.patch
CVE-2026-24684: Heap-use-after-free in play_thread
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q
channel-rdpsnd-only-clean-up-thread-before-free-CVE-2026-24684.patch
channels-rdpsnd-terminate-thread-before-free-CVE-2026-24684.patch
.
* security fixes for client from 3.23 (medium):
.
CVE-2026-25941 Out-of-bounds read in rdpgfx_recv_wire_to_surface_2_pdu
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3546-x645-5cf8
channels-rdpgfx-check-available-stream-length-CVE-2026-25941.patch
CVE-2026-25942 Global-buffer-overflow in xf_rail_server_execute_result
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6
client-x11-stringfiy-functions-for-RAILS-CVE-2026-25942.patch
CVE-2026-25952 CVE-2026-25953 CVE-2026-25954
Heap-use-after-free in xf_SetWindowMinMaxInfo
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x
Heap-use-after-free in xf_AppUpdateWindowFromSurface (freed appWindow)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6rq-rxpc-rh3p
Heap-use-after-free in xf_rail_server_local_move_size
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cc88-4j37-mw6j
client-x11-lock-appWindow-CVE-2026-25952-CVE-2026-25953-CVE-2026-25954.patch
CVE-2026-25955 Heap-use-after-free in xf_AppUpdateWindowFromSurface
(stale XImage)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x
client-x11-destroy-XImage-on-window-unmap-CVE-2026-25955.patch
(also client-x11-fix-missing-includes.patch)
CVE-2026-25959 Heap-use-after-free in xf_cliprdr_provide_data_
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78xg-v4p2-4w3c
client-x11-lock-cache-when-providing-data-CVE-2026-25959.patch
CVE-2026-25997 Heap-use-after-free in xf_clipboard_format_equal
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4
client-X11-fix-clipboard-update-CVE-2026-25997.patch
CVE-2026-26271 Buffer Overread in FreeRDP Icon Processing
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hr4m-ph4g-48j6
codec-color-fix-input-length-checks-CVE-2026-26271.patch
CVE-2026-26986 Heap-use-after-free in rail_window_free
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47
client-x11-fix-xf_rail_window_common-cleanup-CVE-2026-26986.patch
CVE-2026-27015 Smartcard NDR Alignment Padding Triggers Reachable
WINPR_ASSERT Abort (Client DoS)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7g72-39pq-4725
utils-smartcard-check-stream-length-on-padding-CVE-2026-27015.patch
CVE-2026-26955 Heap Out-of-Bounds Write in ClearCodec Surface Command
Handler via Missing Bounds Validation
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj
codec-clear-fix-missing-destination-boundary-checks.patch
codec-clear-fix-destination-checks-CVE-2026-26955.patch
CVE-2026-26965 Heap Out-of-Bounds Write in Planar Bitmap RLE Decompression
via Destination Offset
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h
codec-planar-fix-missing-destination-bounds-checks-CVE-2026-26965.patch
.
* These fixes introduce symbols into libfreerdp3 which don't exist in
versions before 3.21.0; add them to this version with a virtual package
libfreerdp3-partial-api-3-21, with an alternative Depends field:
libfreerdp3-partial-api-3-21 | libfreerdp3-3 (>>3.21.0)
so the apt dependency solver does the right thing for users of these symbols.
This virtual package (libfreerdp3-partial-api-3-21) exists in trixie only.
.
* additional 4 upstream patches fixing a range of issues in rdpecam
.
winpr-wlog-Add-specialized-text-log-functions.patch -
preparatory (two new log functions, libwinpr3-partial-api-3-17)
warnings-Fix-format-string-errors-partial.patch -
printf string fixes in existing code after the above patch
(partial, only hunks which apply cleanly are kept,
no attempt to back-port other hunks)
channels-rdpecam-add-value-range-checks.patch -
missing range checking in rdpecam code
channels-rdpecam-fix-PROPERTY_DESCRIPTION-parsing.patch -
additional fix for CVE-2026-24677 fix
.
* CVE-2025-4478.patch: add DEP-3 headers
Checksums-Sha1:
9fa94d8017a088cda53f00b698e0415aaa5bf3c3 4245 freerdp3_3.15.0+dfsg-2.1+deb13u1.dsc
3db22e0c3b1880ed6aec96801e87ee82fdedd1cf 124844 freerdp3_3.15.0+dfsg-2.1+deb13u1.debian.tar.xz
7c27f57e5fe3b84adace29c36e3700023c5cf5d6 10664 freerdp3_3.15.0+dfsg-2.1+deb13u1_source.buildinfo
Checksums-Sha256:
0fa6c714527cc967b69ed0ede2d45c1ce672b5cdccc7151af281d77dad67082c 4245 freerdp3_3.15.0+dfsg-2.1+deb13u1.dsc
4665ab0f24d05d071a53dc4f90cc9ab1e9465cfebfdeab8e00f7e16cc5f493f4 124844 freerdp3_3.15.0+dfsg-2.1+deb13u1.debian.tar.xz
dc51a0f7d4b534454f8a11b71f498bc15cc7da6ca9799384516c083a9976fbee 10664 freerdp3_3.15.0+dfsg-2.1+deb13u1_source.buildinfo
Files:
fd9b49e980de3d4a31c59cef7de4cdaf 4245 x11 optional freerdp3_3.15.0+dfsg-2.1+deb13u1.dsc
60b8c7586d5a0ac2192d77f5a2e24561 124844 x11 optional freerdp3_3.15.0+dfsg-2.1+deb13u1.debian.tar.xz
1eaaa57098936ba2f4c5b6bb6e4bbde8 10664 x11 optional freerdp3_3.15.0+dfsg-2.1+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----