• Bug#1105917: marked as done (freerdp3: CVE-2025-4478) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Mon May 26 15:10:01 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <envelope@ftp-master.debian.org>)
    id 1uJXVE-008zmG-VX; Mon, 26 May 2025 13:04:28 +0000
    From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
    Reply-To: Daniel Baumann <daniel@debian.org>
    To: 1105917-close@bugs.debian.org
    X-DAK: dak process-upload
    X-Debian: DAK
    X-Debian-Package: freerdp3
    Debian: DAK
    Debian-Changes: freerdp3_3.15.0+dfsg-2.1_amd64.changes
    Debian-Source: freerdp3
    Debian-Version: 3.15.0+dfsg-2.1
    Debian-Architecture: source
    Debian-Suite: unstable
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1105917: fixed in freerdp3 3.15.0+dfsg-2.1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============5976134821350455832=="
    Message-Id: <E1uJXVE-008zmG-VX@fasolo.debian.org>
    Date: Mon, 26 May 2025 13:04:28 +0000

    --===============5976134821350455832==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: freerdp3
    Source-Version: 3.15.0+dfsg-2.1
    Done: Daniel Baumann <daniel@debian.org>

    We believe that the bug you reported is fixed in the latest version of freerdp3, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to 1105917@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Daniel Baumann <daniel@debian.org> (supplier of updated freerdp3 package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 26 May 2025 14:38:19 +0200
    Source: freerdp3
    Architecture: source
    Version: 3.15.0+dfsg-2.1
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
    Changed-By: Daniel Baumann <daniel@debian.org>
    Closes: 1105917
    Changes:
    freerdp3 (3.15.0+dfsg-2.1) unstable; urgency=medium
    .
    * Non-maintainer upload.
    * Cherry-picking patch from upstream:
    - A flaw was found where a crafted RDP packet could trigger a segmentation
    fault. This causes FreeRDP to crash and remain defunct, resulting in a
    denial of service. Initializing function pointers in transport.c after
    resource allocation fixes this [CVE-2025-4478] (Closes: #1105917).
    Checksums-Sha1:

    -----BEGIN PGP SIGNATURE-----

    iHUEARYKAB0WIQQmmGg4gLaoSj0ERgL7tPDoCoAiLwUCaDRiOgAKCRD7tPDoCoAi L+ORAQDHJSdlhyaihlKF/mWqLYBWab/iCO038MWmRqwsdFS2UwD/fI5vBARQ43mm vpFHlkfY2NF0U5ZzU9PledR5OOn9wAk=
    =1Ka7
    -----END PGP SIGNATURE-----


    --===============5976134821350455832==
    Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaDRm3AAKCRCb9qggYcy5 IetqAP9fjjFWEC70vUl+G9znMZE6QDEAIsdVKvyxYUiV0JiGEwEA8I023LSNeoUf m/OrdvoJ7zg3fwaYVbIHsYTvgEq2GA8ČuX
    -----END PGP SIGNATURE-----

    --===============5976134821350455832==--