upload to stretch-security (debian/1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4)

bc58ca95 · Mike Gabriel · 00fa2591 · bc58ca95
Commit bc58ca95 authored Aug 30, 2020 by Mike Gabriel
--- a/debian/changelog
+++ b/debian/changelog
+freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4) stretch-security; urgency=medium
+
+  * CVE-2014-0791: libfreerdp/core/license.c: the remaining length in the stream
+    is checked before doing some malloc().
+  * CVE-2020-11042: libfreerdp/core/window.c: Check length in
+    update_read_icon_info.
+  * CVE-2020-11045: libfreerdp/core/update.c: Bounds checks in
+    update_read_bitmap_data.
+  * CVE-2020-11046: libfreerdp/core/update.c: Bounds checks in
+    update_read_synchronize.
+  * CVE-2020-11048: libfreerdp/core/rdp.c: rdp_read_share_control_header.
+  * CVE-2020-11058: libfreerdp/core/capabilities.c: Bounds check in
+    rdp_read_font_capability_set.
+  * CVE-2020-11521: libfreerdp/core/orders.c: Out of bounds write in planar
+    codec.
+  * CVE-2020-11522: libfreerdp/core/orders.c: Limit number of DELTA_RECT to
+    45.
+  * CVE-2020-11523: libfreerdp/gdi/region.c: clamp invalid rectangles to size 0.
+  * CVE-2020-11525: libfreerdp/cache/bitmap.c: Out of bounds read in
+    bitmap_cache_new.
+  * CVE-2020-11526: libfreerdp/core/orders.c: Out of bounds read in
+    update_recv_orders.
+  * CVE-2020-13396: winpr/libwinpr/sspi/NTLM/ntlm_message.c: oob read in
+    ntlm_read_ChallengeMessage.
+  * CVE-2020-13397: libfreerdp/core/security.c: Missing NULL check.
+  * CVE-2020-13398: libfreerdp/crypto/crypto.c: heap overflow.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sun, 30 Aug 2020 00:12:05 +0200
+
 freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3) stretch; urgency=medium

  * debian/patches: Add security patches.