Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 724380 (CVE-2020-13396, CVE-2020-13397, CVE-2020-13398) - <net-misc/freerdp-2.1.1: Multiple vulnerabilities (CVE-2020-{13396,13397,13398})
Summary: <net-misc/freerdp-2.1.1: Multiple vulnerabilities (CVE-2020-{13396,13397,13398})
Status: RESOLVED FIXED
Alias: CVE-2020-13396, CVE-2020-13397, CVE-2020-13398
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 727446
Blocks:
  Show dependency tree
 
Reported: 2020-05-21 01:11 UTC by Sam James
Modified: 2020-07-27 20:27 UTC (History)
2 users (show)

See Also:
Package list:
net-misc/freerdp-2.1.1-r1
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-05-21 01:11:35 UTC
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 09:03:53 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 09:04:19 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-05-21 09:05:43 UTC
x86 stable
Comment 4 Sam James archtester gentoo-dev Security 2020-05-23 17:18:54 UTC
[just adding the corresponding CVEs; nothing new...]
Comment 5 Sam James archtester gentoo-dev Security 2020-06-06 19:41:26 UTC
arm64 stable

----
@ppc, @ppc64: ping
Comment 6 ernsteiswuerfel 2020-06-07 18:20:32 UTC
ppc fails one test (bug #727446).
Comment 7 Agostino Sarubbo gentoo-dev 2020-06-09 13:49:38 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-09 13:50:54 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Sam James archtester gentoo-dev Security 2020-06-18 02:33:58 UTC
@maintainer(s), ping, please cleanup
Comment 10 NATTkA bot gentoo-dev 2020-07-18 13:21:02 UTC
Unable to check for sanity:

> no match for package: net-misc/freerdp-2.1.1-r1
Comment 11 John Helmert III (ajak) 2020-07-25 18:38:57 UTC
Looks like tree is clean as of Jun 30:

commit 5718555fdda5e5589a99006926399f38cbbb6fe2
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Tue Jun 30 10:18:38 2020 -0400

    net-misc/freerdp: remove old

    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 delete mode 100644 net-misc/freerdp/freerdp-2.1.0.ebuild