Bug 733328 (CVE-2020-15103)

Summary:	<net-misc/freerdp-2.2.0: Integer overflow in rdpegfx channel (CVE-2020-15103)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	ajak, floppym
Priority:	Normal	Flags:	nattka: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa cve]
Package list:	net-misc/freerdp-2.2.0	Runtime testing required:	---

Description Sam James archtester

2020-07-20 14:19:03 UTC

From release notes (https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0):
"SECURITY: CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel"

Comment 1 Sam James archtester

2020-07-20 14:20:04 UTC

Please bump to 2.2.0.

Comment 2 John Helmert III archtester

2020-07-25 18:06:42 UTC

commit ab472d47ab67dd488aa848e35df177bc0f815b64
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Sat Jul 25 13:59:39 2020 -0400

    net-misc/freerdp: bump to 2.2.0

    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 create mode 100644 net-misc/freerdp/freerdp-2.2.0.ebuild

Comment 3 Sam James archtester

2020-08-05 18:12:40 UTC

ping

Comment 4 Sam James archtester

2020-08-06 03:41:21 UTC

arm64 done

Comment 5 Sam James archtester

2020-08-06 14:35:14 UTC

arm done

Comment 6 Agostino Sarubbo gentoo-dev

2020-08-07 11:45:30 UTC

amd64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2020-08-07 11:47:32 UTC

ppc stable

Comment 8 Agostino Sarubbo gentoo-dev

2020-08-07 11:48:22 UTC

ppc64 stable

Comment 9 Agostino Sarubbo gentoo-dev

2020-08-07 11:53:31 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 10 Sam James archtester

2020-08-08 02:37:59 UTC

GLSA vote: no

Comment 11 Sam James archtester

2020-08-29 00:26:56 UTC

ping