
Bug 724380 (CVE-2020-13396, CVE-2020-13397, CVE-2020-13398)

Summary: <net-misc/freerdp-2.1.1: Multiple vulnerabilities (CVE-2020-{13396,13397,13398})
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: ajak, floppym
Priority: Normal
Flags: nattka: sanity-check-
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa cve]
Package list:
net-misc/freerdp-2.1.1-r1
Runtime testing required: ---
Bug Depends on: 727446    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 01:11:35 UTC
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 09:03:53 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 09:04:19 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-05-21 09:05:43 UTC
x86 stable
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-23 17:18:54 UTC
[just adding the corresponding CVEs; nothing new...]
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-06 19:41:26 UTC
arm64 stable

----
@ppc, @ppc64: ping
Comment 6 ernsteiswuerfel archtester 2020-06-07 18:20:32 UTC
ppc fails one test (bug #727446).
Comment 7 Agostino Sarubbo gentoo-dev 2020-06-09 13:49:38 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-09 13:50:54 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:33:58 UTC
@maintainer(s), ping, please cleanup
Comment 10 NATTkA bot gentoo-dev 2020-07-18 13:21:02 UTC
Unable to check for sanity:

> no match for package: net-misc/freerdp-2.1.1-r1
Comment 11 John Helmert III gentoo-dev Security 2020-07-25 18:38:57 UTC
Looks like tree is clean as of Jun 30:

commit 5718555fdda5e5589a99006926399f38cbbb6fe2
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Tue Jun 30 10:18:38 2020 -0400

    net-misc/freerdp: remove old

    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 delete mode 100644 net-misc/freerdp/freerdp-2.1.0.ebuild